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(54) System and method for processing protected data 



(57) A secure appplication module (SAM) receives 
a secure container in which content data encrypted with 
content key data, the encrypted content key data, and 
usage control policy (UCP) data designating a handling 



policy of the content data are stored, and determines at 
least one of the purchase mode and the usage mode of 
the content data based on the UCP data. The SAM 
serves as a slave for a host CPU, and is also provided 
with a common memory shared with the host CPU. 
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Description 

[0001] The present invention relates to a data 
processing apparatus and systenn for performing 
processing for provided content data, and a data 
processing method for such an apparatus and a system. 
[0002] A data providing system for distributing en- 
crypted content data to data processing apparatuses of 
users who have made a predetemnined contract and for 
enabling the data processing apparatuses to decode the 
content data and to read and record it is available. One 
type of such data providing systems is a conventional 
electronic music distribution (EMD) system for distribut- 
ing music data. 

[0003] Fig. 106 is a schematic diagram illustrating a 
conventional EMD system 700. In the EMD system 700, 
content providers 701a and 701b encrypt content data 
704a, 704b, and 704c, and copyright information 705a, 
705b, and 705c by using session l^ey data obtained after 
perfonning mutual authentication, and then provide the 
encrypted data to a service provider 710 online or of- 
fline. The copyright information 705a, 705b, and 706c 
may include serial copy management system (SCMS) 
information, digital watermark information for embed- 
ding copyright information into the content data, and in- 
formation for embedding copyright infonnatlon into 
transmission protocols of the service provider 710. 
[0004] The service provider 710 decodes the received 
content data 704a, 704b, and 704c, and the copyright 
infomnation 705a. 705b, and 705c by the use of the ses- 
sion key data. 

[0005] The service provider 710 then embeds the 
copyright information 705a, 705b, and 705c into the de- 
coded content data 704a, 704b, and 704c which have 
been received online or offline so as to create content 
data 707a, 707b, and 707c. In this case, as part of the 
copyright information 704a, 704b, and 704c, the sen/ice 
provider 710 embeds the digital watennark information 
into the content data 704a, 704b, and 704c by changing 
predetermined frequency domains, and embeds the 
SCMS information into network protocols used for trans- 
mitting the content data 704a, 704b, and 704c to the us- 
er. 

[0006] The service provider 710 also encrypts the 
content data 707a, 707b, and 707c by using content key 
data Kca, Kcb, and Kcc, respectively, read from a key 
database 706. Subsequently, the service provider 710 
encrypts a secure container 722, which stores the en- 
crypted content data 707a, 707b, and 707c, by using 
session key data obtained after perfonning mutual au- 
thentication, and sends the encrypted secure container 
722 to a conditional access (CA) module 711 stored in 
a temninal device 709 of the user. 
[0007] The CA module 71 1 decodes the secure con- 
tainer 722 by using the session key data. The CA mod- 
ule 71 1 also receives the content key data Kca, Kcb, and 
Kcc from the key database 706 of the service provider 
710 by using an accounting function, such as an elec- 



tronic settlement system or a CA, and decodes it by us- 
ing the session key data. This enables the temninal de- 
vice 709 to decode the content data 707a, 707b, and 
707c by using the content key data Kca, Kcb, and Kcc, 
5 respectively. 

[0008] The CA module 711 performs accounting 
processing for each content so as to generate account- 
ing information 721 , and encrypts it by using the session 
key data and sends it to a rights processing module 720 
10 of the service provider 710. 

[0009] In this case, the CA module 711 performs the 
processing on the Items concerning the services provid- 
ed by the service provider 710, in otherwords, the Items 
to be managed by the service provider 710, such as us- 
'5 er's contract (renewal) infomnation, collection of, for ex- 
ample, a monthly basic fee incurred by using a network, 
accounting processing for each content, and ensuring 
the security of the physical layer of the network. 
[0010] Upon receiving the accounting infonnation 721 
from the CA module 71 1 , the service provider 71 0 dis- 
tributes the profits between the service provider 71 0 and 
the content providers 701a, 701b, and 701c. In this 
case, the profits are distributed from the service provider 
71 0 to the content providers 701 a, 701 b, and 701 c via 
an intermediary, for example, the-Japanese Society for 
Rights of Authors, Composers and Publishers (JAS- 
RAC). JASRAC also distributes the profits of the content 
providers 701a, 701b, and 701c to the copyright holder, 
the artist, the composer, the writer, and the production 
company of the content data, etc. 
[0011] In recording the content data 707a, 707b, and 
707c decoded with the content key data Kca, Kcb, and 
Kcc, respectively, on a recording medium 723, such as 
a random access memory (RAM), the terminal device 
709 performs copy control by ovenwrlting the SCMS bits 
of the copyright information 705a, 705b, and 705c. That 
is, the user performs copy control based on the SCMS 
bits embedded into the content data 707a, 707b, and 
707c, thereby Implementing copyright protection. 
[0012] The SCMS prohibits the copying operation of 
the content data, for example, for two or more genera- 
tions (copy free), but allows unlimited one-generation 
copying (copy once), and is thus insufficient for copy- 
right protection. 

[0013] In the above-described EMD system 700, it is 
necessary for the content provider 701 to monitor the 
action of the service provider 710, who is technically 
able to freely handle the unencrypted content data, and 
the profit of the content providers 701a, 701b, and 701c 
may be unfairly 5 exploited. 

[0014] Additionally, in the EMD system 700, it is diffi- 
cult to restrict illegal actions of the user's terminal device 
709, such as authoring the content data distributed from 
the service provider 71 0 and re-distributing it to another 
10 terminal device, thereby also unfairly exploiting the 
profits of the content providers 701a, 701b, and 701c. 
[0015] Accordingly, in addressing the aforementioned 
problems inherent in the related art, it is an aim of at 
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least an embodiment of the present invention to provide 
a 15 data processing apparatus, a data processing sys- 
tem, and a data processing method therefor for suitably 
protecting the profits of a content-rights holder, such as 
a content provider. 

[0016] It is another aim to provide a data processing 
20 apparatus, a data processing system, and a data 
processing method therefor, for reducing a load for pro- 
tecting the profits of a content-rights holder, such as a 
content provider. 

[0017] According to one aspect of the present inven- 
tion, there is provided a data processing apparatus for 
perfonning rights processing of content data encrypted 
with content key data based on usage control policy 
(UCP) data, and for decrypting the encrypted content 
key data. The data processing apparatus include within 
a tamper-resistant circuit module: a first bus; an arith- 
metic processing circuit connected to the first bus, for 
perfomning the rights processing of the content data 
based on the UCP data; a storage circuit connected to 
the first bus; a second bus; a first interface circuit inter- 
posed between the first bus and the second bus; an en- 
cryption processing circuitconnected to the second bus, 
for decrypting the content key data; and an external bus 
interface circuit connected to the second bus. 
[0018] According to the aforementioned data 
processing apparatus, content data, corresponding 
content key data, and corresponding UCP data are dis- 
tributed, and also, license key data for decrypting the 
content key data is distributed. The license key data is 
stored, for example, in the above-described storage cir- 
cuit. 

[0019] Then, in response to an instruction to perform 
rights processing from an external arithmetic processing 
apparatus via the external bus interface circuit, the 
rights processing of the content data based on the UCP 
data is executed in the aforementioned arithmetic 
processing circuit. Thereafter, the content key data is 
decrypted in the arithmetic processing circuit by using 
the license key data read from the storage circuit. 
[0020] The aforementioned data processing appara- 
tus performs mutual authentication with another decod- 
ing apparatus, and encrypts the decrypted content key 
data and content data by using the session key data ob- 
tained by mutual authentication, and sends them to the 
decoding apparatus. 

[0021] In the aforementioned data processing appa- 
ratus may further include a second interface circuit with- 
in the tamper-resistant circuit module. The first bus may 
include a third bus connected to the arithmetic process- 
ing circuit and the storage circuit, and a fourth bus con- 
nected to the first interface circuit, and the second inter- 
face circuit may be interposed between the third bus and 
the fourth bus. 

[0022] The aforementioned data processing appara- 
tus may further include within the tamper- resistant cir- 
cuit module: a fifth bus; a third interface circuit connect- 
ed to the fifth bus, for performing communication with a 



data processing circuit having an authentication func- 
tion which is loaded on one of a recording medium and 
an integrated circuit card; and a fourth interface circuit 
interposed between the fourth bus and the fifth bus. 
5 [0023] In the aforementioned data processing appa- 
ratus, the encryption processing circuit may include a 
public-key encryption circuit and a common-key encryp- 
tion circuit. 

[0024] In the aforementioned data processing appa- 
10 ratus, the storage circuit may store private key data of 
the data processing apparatus and public key data of a 
second data processing apparatus. The public-key en- 
cryption circuit may verify the integrity of signature data, 
which verifies the integrity of the content data, the con- 
^5 tent key data, and the UCP data, by using the corre- 
sponding public key data. When recording the content 
data, the content key data, and the UCP data on a re- 
cording medium or when sending them to the second 
data processing apparatus, the public-key encryption 
20 circuit may create signature data, which verifies the in- 
tegrity of the content data, the content key data, and the 
UCP data, by using the private key data. The common- 
key encryption circuit may decrypt the content key data, 
and when sending the content data, the content key da- 
25 ta, and the UCP data to the second data processing ap- 
paratus online, the common-key encryption circuit may 
encrypt and decrypt the content data, the content key 
data, and the UCP data by using session key data ob- 
tained by perfomning mutual authentication with the see- 
so ond data processing apparatus. 

[0025] The aforementioned data processing appara- 
tus may further include a hash-value generating circuit 
within the tamper-resistant circuit module, for generat- 
ing hash values of the content data, the content key data 
35 and the UCP data. Thepublic-key encryption circuit may 
verify the integrity of the signature data and may create 
the signature data by using the hash values. 
[0026] The aforementioned data processing appara- 
tus may further include a random-number generating 
^0 circuit within the tamper-resistant circuit module. The 
random-number generating circuit may be connected to 
the second bus, for generating a random number for 
performing mutual authentication with the second data 
processing apparatus when sending the content data, 
^5 the content key data, and the UCP data to the second 
data processing apparatus online. 
[0027] In the aforementioned data processing appa- 
ratus, the external bus interface circuit may be connect- 
ed to an external storage circuit for storing at least one 
50 of the content data, the content key data, and the UCP 
data. 

[0028] The data processing apparatus may further in- 
clude a storage-circuit control circuit for controlling ac- 
cess to the storage circuit and access to the external 
55 storage circuit via the external bus interface circuit In 
accordance with a command from the arithmetic 
processing circuit. 

[0029] In the aforementioned data processing appa- 



3 



BNSDOCID: <EP 1130492A2J_> 



5 



EP 1 130 492 A2 



6 



ratus, the external bus interface circuit may be connect- 
ed to a host arithmetic processing apparatus for central- 
ly controlling a system on which the data processing ap- 
paratus is loaded. 

[0030] The aforementioned data processing appara- 
tus may further include a storage management circuit 
for managing an address space of the storage circuit 
and an address space of the external storage circuit. 
[0031] In the aforementioned data processing appa- 
ratus, the arithmetic processing circuit may determine 
at least one of a purchase mode and a usage mode of 
the content data based on a handling policy indicated 
by the UCP data, and may create log data indicating a 
result of the determined mode. 

[0032] In the aforementioned data processing appa- 
ratus, after detemnining the purchase mode, the arith- 
metic processing circuit may create usage control status 
data in accordance with the determined purchase mode, 
and may control the use of the content data based on 
the usage control status data. 

[0033] In the aforementioned data processing appa- 
ratus, in recording the content data, for which the pur- 
chase mode is determined, on a recording medium, the 
common-key encryption circuit may encrypt the content 
key data and the usage control status data by using me- 
dium key data corresponding to the recording medium. 
[0034] In the aforementioned data processing appa- 
ratus, the content key data may be encrypted with li- 
cense key data having an effective period. The storage 
circuit may store the license key data. The data process- 
ing apparatus may further include a real time clock for 
generating real time. The arithmetic processing circuit 
may read the effective license key data from the storage 
circuit based on the real time indicated by the real time 
clock. The common-key encryption circuit may decrypt 
the content key data by using the read license key data. 
[0035] In the data processing apparatus, the storage 
circuit may write and erase data in units of blocks. The 
data processing apparatus may include within the 
tamper- resistant circuit module, a write- lock control cir- 
cuit for controlling the writing and erasing of the data 
into and from the storage circuit in units of blocks under 
the control of the arithmetic processing circuit. 
[0036] According to another aspect of the present in- 
vention, there is provided a data processing apparatus 
for performing rights processing of content data encrypt- 
ed with content key data based on UCP data, and for 
decrypting the encrypted content key data. The data 
processing apparatus includes within a tamper-resistant 
circuit module: a first bus; an arithmetic processing cir- 
cuit connected to the first bus, for performing the rights 
processing of the content data based on the UCP data; 
a storage circuit connected to the first bus; a second 
bus; an interface circuit interposed between the first bus 
and the second bus; an encryption processing circuit 
connected to the second bus, for decrypting the content 
key data; and an external bus interface circuit connected 
to the second bus. Upon receiving an interrupt from an 



external circuit via the external bus interface circuit, the 
arithmetic processing circuit becomes a slave for the ex- 
ternal circuit so as to perform processing designated by 
the interrupt, and reports a result of the processing to 

5 the external circuit. 

[0037] In the aforementioned data processing appa- 
ratus, the arithmetic processing circuit may report the 
result of the processing by outputting an interrupt to the 
external circuit. 

10 [0038] In the aforementioned data processing appa- 
ratus, the external bus interface may include a common 
memory for the arithmetic processing circuit and the ex- 
ternal circuit. The arithmetic processing circuit may write 
the result of the processing into the common memory. 

'5 The external circuit may obtain the result of the process- 
ing by polling. 

[0039] In the aforementioned data processing appa- 
ratus, the external bus interface may include: a first sta- 
tus register indicating an execution status of the 

20 processing requested from the external circuit in the 
arithmetic processing circuit, and including a flag set by 
the arithmetic processing circuit and read by the exter- 
nal circuit; a second status register indicating whether 
the external circuit has requested the arithmetic 

25 processing circuit to perform processing, and including 
a flag set by the external circuit and read by the arith- 
metic processing circuit; and the common memory for 
storing a result of the processing. 
[0040] In the aforementioned data processing appa- 

30 ratus, the storage circuit may store an interrupt program 
describing the processing designated by the interrupt, 
and the arithmetic processing circuit may perform the 
processing by executing the interrupt program read from 
the storage circuit. 

35 [0041] In the data processing apparatus, the storage 
circuit may store a plurality of the interrupt programs, 
and a plurality of sub-routines to be read when executing 
the interrupt program. The arithmetic processing circuit 
may appropriately read and execute the sub-routines 

^0 from the storage circuit when executing the interrupt 
program read from the storage circuit. 
[0042] According to another aspect of the present in- 
vention, there is provided a data processing system in- 
cluding: an arithmetic processing apparatus, forexecut- 

^5 ing a predetermined program and for outputting an in- 
terrupt according to a predetermined condition by serv- 
ing as a master; and a data processing apparatus, for 
performing predetermined processing in response to 
the interrupt from the arithmetic processing apparatus 

50 by serving as a slave for the arithmetic processing ap- 
paratus, and for reporting a result of the processing to 
the arithmetic processing apparatus. The data process- 
ing apparatus may include within a tamper-resistant cir- 
cuit module: a determining unit for determining at least 

55 one of a purchase mode and a usage mode of content 
data based on a handling policy indicated by the UCP 
data; a log data generator for generating log data indi- 
cating a result of the determined mode; and a decryption 
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unit for decrypting the content key data. 
[0043] In the aforementioned data processing sys- 
tenn, upon receiving the interrupt indicating an Interrupt 
type, the arithmetic processing apparatus may output to 
the data processing apparatus an interrupt indicating an 
Instruction to execute an intermpt routine corresponding 
to the interrupt type. The data processing apparatus 
may execute the interrupt routine corresponding to the 
intenojpt type of the Interrupt received from the arithme- 
tic processing apparatus. 

[0044] In the aforementioned data processing sys- 
tem, the data processing apparatus may report a result 
of the processing by outputting an interrupt to the arith- 
metic processing apparatus. 

[0045] In the aforementioned data processing sys- 
tem, the data processing apparatus may include a com- 
mon memory which is accessible by the data processing 
apparatus and the arithmetic processing apparatus. The 
arithmetic processing apparatus may obtain the result 
of the processing by accessing the common memory 
through polling. 

[0046] In the aforementioned data processing sys- 
tem, the data processing apparatus may include a first 
status register indicating an execution status of the 
processing requested from the arithmetic processing 
apparatus, and including a flag read by the arithmetic 
processing apparatus; a second status register indicat- 
ing whether the arithmetic processing apparatus has re- 
quested the data processing apparatus to perform 
processing by the interrupt, and including a flag set by 
the arithmetic processing apparatus; and the common 
memory for storing a result of the processing. 
[0047] The aforementioned data processing system 
may further include a bus for connecting the arithmetic 
processing apparatus and the data processing appara- 
tus. 

[0048] In the aforementioned data processing sys- 
tem, the data processing apparatus may enter a low 
power state after completing the execution of one of an 
initial program and the Interrupt routine. 
[0049] In the aforementioned data processing sys- 
tem, based on the interrupt received from the arithmetic 
processing apparatus, the data processing apparatus 
may execute the interrupt routine in accordance with at 
least one of processing for detemnining one of the pur- 
chase mode and the usage mode of the content data, 
processing for reproducing the content data, and 
processing for downloading the data from a certifying 
authority. 

[0050] In the aforementioned data processing sys- 
tem, the arithmetic processing apparatus may execute 
a predetemnined user program. 

[0051 ] According to a further aspect of the present in- 
vention, there is provided a data processing system in 
which content data provided by a data providing appa- 
ratus Is received from a data distribution apparatus, and 
is managed by a management apparatus. The data 
processing system includes: a first processing module 



for receiving from the data distribution apparatus a mod- 
ule in which content data encrypted with content key da- 
ta, the encrypted content key data, UCP data indicating 
a handling policy of the content data, and price data for 

5 the content data determined by the data distribution ap- 
paratus are stored , and for decrypting the received mod- 
ule by using common key data, and for performing ac- 
counting processing for a distribution service of the 
module by the data distribution apparatus. An arithmetic 

10 processing apparatus executes a predetermined pro- 
gram and outputs an inten^upt according to a predeter- 
mined condition by serving as a master. A data process- 
ing apparatus perfomns predetermined processing in re- 
sponse to the interrupt from the arithmetic processing 

15 apparatus by serving as a slave for the arithmetic 
processing apparatus, and reports a result of the 
processing to the arithmetic processing apparatus. The 
data processing apparatus includes within a tamper-re- 
sistant circuit module: a determining unit for determining 

20 at least one of a purchase mode and a usage mode of 
the content data based on the handling policy indicated 
by the UCP data stored in the received module. A log 
data generator generates log data indicating a result of 
the determined mode. An output unit outputs the price 

25 data and the log data to the management apparatus 
when the purchase mode of the content data is deter- 
mined. A decryption unit decrypts the content key data. 
[0052] According to a yet further aspect of the present 
invention, there Is provided a data processing system 

30 Including: an arithmetic processing apparatus for exe- 
cuting a predetermined program and for outputting an 
Interrupt according to a predetemnined condition by 
serving as a master; a first tamper- resistant data 
processing apparatus for performing rights processing 

35 of content data encrypted with content key data in re- 
sponse to the interrupt from the arithmetic processing 
apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the 
processing to the arithmetic processing apparatus. A 

40 second tamper-resistant data processing apparatus de- 
crypts the content data by using the content key data 
obtained by perfomning mutual authentication with the 
first tamper-resistant data processing apparatus and 
compresses or decompresses the content data in re- 

45 sponse to the interrupt from the arithmetic processing 
apparatus or the first tamper- resistant data processing 
apparatus by serving as a slave for the arithmetic 
processing apparatus or the first tamper-resistant data 
processing apparatus. 

50 [0053] The aforementioned data processing system 
may further include a bus for connecting the arithmetic 
processing apparatus, the first tamper-resistant data 
processing apparatus, and the second tamper-resistant 
data processing apparatus. 

55 [0054] According to a further aspect of the present in- 
vention, there is provided a data processing system in- 
cluding: an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting an In- 
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terrupt according to a predetermined condition by serv- 
ing as a nnaster. A first tamper-resistant data processing 
apparatus perfonns rights processing of content data 
encrypted with content key data in response to the in- 
terrupt from the arithmetic processing apparatus by 
serving as a slave for the arithmetic processing appara- 
tus, and reports a result of the processing to the arith- 
metic processing apparatus. A second tamper- resistant 
data processing apparatus performs mutual authentica- 
tion with the arithmetic processing apparatus and reads 
and writes the content data from and Into a recording 
medium in response to the Interrupt output from the 
arithmetic processing apparatus. 
[0055] In the aforementioned data processing sys- 
tem, the second tamper-resistant processing apparatus 
may decrypt and encrypt the content data by using me- 
dium key data corresponding to the recording medium. 
[0056] In the aforementioned data processing sys- 
tem, when the recording medium is provided with a 
processing circuit having a mutual authentication func- 
tion, the second tarn per- resistant processing apparatus 
may perform mutual authentication with the processing 
circuit. 

[0057] According to a further aspect of the present in- 
vention, there is provided a data processing system in- 
cluding: an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting an in- 
terrupt according to a predetemnined condition by serv- 
ing as a master. A first tamper-resistant data processing 
apparatus performs mutual authentication with the arith- 
metic processing apparatus and reads and writes con- 
tent data from and into a recording medium in response 
to the Interrupt from the arithmetic processing appara- 
tus. A second tamper-resistant data processing appa- 
ratus decrypts the content data by using content key da- 
ta and compresses or decompresses the content data 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus. 

[0058] The aforementioned data processing system 
may further include a storage circuit for temporarily stor- 
ing the content data read from the recording medium by 
the first tamper- resistant data processing apparatus, 
and outputs the stored content data to the second 
tamper-resistant data processing apparatus. 
[0059] In the aforementioned data processing sys- 
tem, the storage circuit may utilize part of a storage area 
of an ant I -vibration storage circuit. 
[0060] The aforementioned data processing system 
may further include a third tamper-resistant data 
processing apparatus for performing rights processing 
of the content data encrypted with the content key data 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and for reporting a result of the 
processing to the arithmetic processing apparatus. 
[0061 ] According to a further aspect of the present in- 
vention, there Is provided a data processing method us- 



ing an arithmetic processing apparatus and a data 
processing apparatus. The data processing method in- 
cludes the steps of: executing, in the arithmetic process- 
ing apparatus, a predetermined program and outputting 

5 an interrupt according to a predetennlned condition by 
serving as a master; and determining, in the data 
processing apparatus, at least one of a purchase mode 
and a usage mode of content data based on a handling 
policy of UCP data, creating tog data indicating a result 

10 of the determined mode, and decrypting content key da- 
ta, within a tamper-resistant circuit module in response 
to the interrupt from the arithmetic processing apparatus 
by serving as a slave for the arithmetic processing ap- 
paratus. 

15 [0062] According to another aspect of the present In- 
vention, there is provided a data processing method us- 
ing an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing method includes the 

20 steps of: executing, in the arithmetic processing appa- 
ratus, a predetermined program and outputting an inter- 
rupt according to a predetermined condition by serving 
as a master; performing, in the first data processing ap- 
paratus, rights processing of content data encrypted 

25 with content key data within a tamper- resistant module 
in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and reporting a result of the 
processing to the arithmetic processing apparatus; and 

30 decrypting, in the second data processing apparatus, 
the content data by using the content key data obtained 
by performing mutual authentication with the first data 
processing apparatus and compressing or decompress- 
ing the content data within a tamper-resistant module in 

55 response to the Interrupt from the arithmetic processing 
apparatus or the first data processing apparatus by 
serving as a slave for the arithmetic processing appara- 
tus or the first data processing apparatus. 
[0063] According to still another aspect of the present 

40 invention, there is provided a data processing method 
using an arithmetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing method includes the 
steps of: executing, in the arithmetic processing appa- 

45 ratus, a predetermined program and outputting an inter- 
rupt according to a predetermined condition by serving 
as a master; perfonning, in the first data processing ap- 
paratus, rights processing of content data encrypted 
with content key data within a tamper- resistant module 

50 in response to the interrupt from the arithmetic process- 
ing apparatus by serving as a slave for the arithmetic 
processing apparatus, and reporting a result of the 
processing to the arithmetic processing apparatus: and 
performing, in the second data processing apparatus, 

55 mutual authentication with the arithmetic processing ap- 
paratus, and reading and writing the content data from 
and into a recording medium within a tamper-resistant 
module in response to the interrupt from the arithmetic 
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processing apparatus. 

[0064] According to a further aspect of the present in- 
vention, there is provided a data processing method us- 
ing an arithnnetic processing apparatus, a first data 
processing apparatus, and a second data processing 
apparatus. The data processing method includes the 
steps of: executing, in the arithmetic processing appa- 
ratus, a predetermined program and outputting an inter- 
rupt according to a predetermined condition by serving 
as a master; performing, in the first data processing ap- 
paratus, mutual authentication with the arithmetic 
processing apparatus, and reading and writing content 
data from and into a recording medium within a tamper- 
resistant module in response to the interrupt from the 
arithmetic processing apparatus; and decrypting, in the 
second data processing apparatus, the content data by 
using content key data and compressing or decom- 
pressing the content data within a tamper-resistant 
module in response to the interrupt from the arithmetic 
processing apparatus by serving as a slave for the arith- 
metic processing apparatus. 

[0065] The invention will now be described by way of 
example with reference to the accompanying drawings, 
throughout which like parts are referred to by like refer- 
ences, and in which: 

Fig. 1 is a block diagram illustrating the overall con- 
figuration of an EMD system according to a first em- 
bodiment of the present invention; 
Fig. 2 illustrates the concept of a secure container 
used in the present invention; 
Figs. 3A, 3B, and 3C illustrate the format of the se- 
cure container sent from a content provider to a se- 
cure application module (SAM) shown in Fig. 1; 
Fig. 4 illustrates details of data contained in a con- 
tent file shown in Fig. 3A; 

Fig. 5 illustrates details of data contained in a key 
file shown in Fig, 3B; 

Fig. 6 illustrates the registration and the transfer of 
the key file'between the content provider and an 
electronic music distribution (EMD) center shown in 
Fig. 1; 

Fig. 7 illustrates header data contained in the con- 
tent file; 

Fig. 8 illustrates a content ID; 

Fig. 9 illustrates the directory structure of the secure 

container; 

Fig. 10 illustrates the hyperiink structure of the se- 
cure container; 

Fig. 11 illustrates one example of a recording me- 
dium (ROM) used in the first embodiment; 
Fig. 12 illustrates another example of a recording 
medium (ROM) used in the first embodiment; 
Fig. 13 illustrates still another example of a record- 
ing medium (ROM) used in the first embodiment; 
Fig. 14 illustrates an example of a recording medi- 
um (RAM) used in the first embodiment; 
Fig. 15 illustrates another example of a recording 
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medium (RAM) used in the first embodiment; 
Fig. 16 illustrates still another example of a record- 
ing medium (RAM) used in the first embodiment; 
Figs. 17, 18. and 19 are a flow chart illustrating 
5 processing for creating the secure container by the 

content provider; 

Fig. 20 illustrates the functions of the EMD service 
center shown in Fig. 1 ; 

Fig. 21 illustrates usage log data shown in Fig. 1 ; 

10 Fig. 22 is a block diagram illustrating an example of 
the configuration of a network device within a user 
home network shown in Fig. 1 ; 
Fig. 23 illustrates the relationship between a host 
CPU and a SAM shown in Fig. 22; 

15 Fig. 24 illustrates the software configuration imple- 
menting a SAM; 

Fig. 25 illustrates an external interrupt to be output 
to the host CPU; 

Fig. 26 illustrates an internal interrupt to be output 
20 from the host CPU; 

Fig. 27 illustrates function calls output from the host 
CPU; 

Fig. 28 illustrates the processing status of a CPU of 
the SAM; 

25 Fig. 29 illustrates memory spaces of the host CPU 

and the SAM; 

Fig. 30 is afunctional block of a SAM within the user 
home network shown in Fig. 1 , and also illustrates 
the data flow when the secure container received 
30 from the content provider is decoded; 

Fig. 31 illustrates data to be stored in an external 
memory shown in Fig. 22; 

Fig. 32-illustrates data to be stored in a work mem- . 
ory; 

55 Fig. 33 is a block diagram illustrating another exam- 
ple of the configuration of the network device within 
the user home network shown in Fig. 1 ; 
Fig. 34 illustrates data to be stored in a storage unit 
shown in Fig. 30; 

40 Fig. 35 is a flow chart illustrating the processing per- 
formed by the SAM for receiving the license key da- 
ta from the EMD service center; 
Fig. 36 is a flow chart illustrating the processing per- 
formed by the SAM for receiving the secure contain- 

45 er; 

Fig. 37 is a functional block diagram of a SAM within 
the user home network shown in Fig. 1 , and also 
illustrates the data flow when the content data is uti- 
lized and purchased; 
50 Fig. 38 is a flow chart illustrating the processing by 

the SAM for determining the purchase mode of the 
content data; 

Figs. 39A through 39D illustrate the secure contain- 
er tor which the purchase mode is determined; 
55 Fig. 40 is a flow chart illustrating the processing per- 
formed by the SAM for playing back the content da- 
ta; 

Fig. 41 is a block diagram illustrating the operation 
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of transferring the content file, for which the pur- 
chase mode is determined, downloaded into a 
download memory of the network device shown in 
Fig. 22 to a SAM of an audio-visual (AA/) machine, 
and re-purchasing the content file in the A/V ma- 5 
chine; 

Fig. 42 illustrates the data flow within the receiver 
SAM shown in Fig. 41 ; 

Fig. 43 is a flow chart illustrating the processing 
shown in Fig. 42; io 
Figs. 44A through 44D illustrate the fonnat of the 
secure container to be transferred in Fig. 41 ; 
Fig. 45 illustrates the data flow when the received 
content file in the receiver SAM shown in Fig. 41 is 
written into a recording medium (ROM or RAM); is 
Figs. 46 and 47 are a flow chart illustrating the 
processing by the receiver SAM shown in Fig. 41 ; 
Fig. 48 illustrates various purchase modes in the 
SAMs within the user home network shown in Fig. 1 ; 
Fig. 49 illustrates the data flow within an AA/ ma- 20 
chine when the recording medium (ROM) shown in 
Fig. 11, for which the purchase mode is not deter- 
mined, is distributed offline to the user home net- 
work, and the purchase mode of the content file is 
determined by the AA/ machine; 25 
Fig. 50 illustrates the data flow within the SAM of 
the AA/ machine shown in Fig. 49; 
Fig. 51 is a flow chart illustrating the processing per- 
formed by the SAM of the AA/ machine shown in 
Fig. 49; 30 
Fig. 52 illustrates the processing for reading the se- 
cure container, for which the purchase mode is not 
determined, from a recording medium (ROM) of an 
AA/ machine within the user home network, and for 
transferring the secure container to another A/V 35 
machine and writing it into a recording medium 
(RAM); 

Fig. 53 illustrates the data flow within the receiver 
SAM shown in Fig. 52; 

Figs. 54A through 54D illustrate the fomnat of the 40 
secure container transferred from the sender SAM 
to the receiver SAM shown in Fig. 52; 
Figs. 55 and 56 are a flow chart illustrating the 
processing perfomned by the sender SAM and the 
receiver SAM shown in Fig. 52; 45 
Fig. 57 illustrates the data flow within the receiver 
SAM shown in Fig. 52; 

Fig. 58 illustrates an example of connection models 
of the devices via a bus within the user home net- 
work; 50 
Fig. 59 illustrates the data format of a SAM regis- 
tration list created by the SAM; 
Fig. 60 illustrates the format of a public-key certifi- 
cate revocation list created by the EMD service 
center; 55 
Fig. 61 illustrates the data fonnat of the SAM regis- 
tration list created by the EMD sen/ice center; 
Fig. 62 illustrates a security function of the SAM; 



Fig. 63 illustrates an example of loading models of 
various SAMs in the network device of the user 
home network shown in Fig. 1 ; 
Fig. 64 illustrates the detailed circuit configuration 
of a download memory and peripheral circuits 
shown in Fig. 63; 

Fig. 65 illustrates the relationship between the host 
CPU and the SAM shown in Fig. 63; 
Fig. 66 illustrates the relationship among the host 
CPU, the SAM, the A/V compression/decompres- 
sion SAM, and the recording medium shown in Fig. 
63; 

Fig. 67 illustrates the relationship among the host 
CPU , the medium drive SAM , and the AA/ compres- 
sion/decompression SAM shown in Fig. 63; 
Fig. 68 illustrates one example of the circuit module 
of a rights processing SAM; 
Fig. 69 illustrates one example of hardware config- 
uration within the SAM configured as the circuit 
module shown in Fig. 68; 

Fig. 70 illustrates an address space of the rights 
processing SAM; 

Fig. 71 illustrates an address space of the host 
CPU; 

Fig. 72 illustrates another example of the circuit 

module of the rights processing SAM; 

Fig. 73-illustrates a circuit module of the medium 

SAM; 

Fig. 74 illustrates storage data in the medium SAM 
of a recording medium (ROM) when the ROM is 
shipped; 

Fig. 75 illustrates storage data in the medium SAM 
of the recording medium (ROM) after registration is 
conducted; 

Fig. 76 illustrates storage data in the medium SAM 
of a recording medium (RAM) when the RAM is 
shipped; 

Fig. 77 illustrates storage data in the medium SAM 
of the recording medium (RAM) when registration 
is conducted; 

Fig. 78 illustrates an example of a circuit module of 
the /W compression/decompression SAM; 
Fig. 79 illustrates an example of a circuit module of 
the medium drive SAM; 

Fig. 80 is a flow chart illustrating the overall opera- 
tion of the EMD system shown in Fig. 1 ; 
Fig. 81 illustrates examples of distribution protocols 
for the secure container used in the EMD system of 
the first embodiment; 

Fig. 82 is a block diagram illustrating the overall 
configuration of an EMD system according to a sec- 
ond embodiment of the present invention; 
Fig. 83 is a flow chart illustrating the processing for 
creating a secure container in a service provider; 
Figs. 84A through 84D illustrate the format of the 
secure container sent from the service provider to 
the user home network shown in Fig. 82; 
Fig. 85 illustrates the sending format of a content 
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file stored in the secure container shown in Figs. 
84A through 84D: 

Fig. 86 illustrates the sending fomnat of a key file 
stored in the secure container shown in Figs. 84A 
through 84D; 

Fig. 87 illustrates the functions of the EMD service 
center shown in Fig. 82; 

Fig. 88 is a block diagrann illustrating a network de- 
vice shown in Fig. 82; 

Fig. 89 is a functional block diagram illustrating a 
CA nnodule shown in Fig. 88; 
Fig. 90 is a functional block diagrann illustrating a 
SAM shown in Fig, 82, and also Illustrates the data 
flow when the secure container is received and de- 
coded; 

Fig. 91 illustrates data to be stored in a work menn- 
ory shown in Fig. 90; 

Fig. 92 is a functional block diagram illustrating the 
SAM shown in Fig. 82, and also illustrates the data 
flow when the purchase and usage modes of the 
content are determined; 

Fig. 93 is a flow chart illustrating the processing for 
receiving the secure container by the SAM shown 
in Fig. 82; 

Fig. 94 is a block diagram illustrating the operation 
of transferring the content file, for which the pur- 
chase mode is determined, downloaded into a 
download memory of the network device shown in 
Fig. 82 to a SAM of an AA/ machine; 
Fig. 95 illustrates the data flow within the receiver 
SAM shown in Fig. 94; 

Fig. 96 is a flow chart illustrating the processing per- 
fonned by the sender SAM shown in Fig. 95; 
Figs. 97A through 97E illustrate the format of the 
secure container transferred from the sender SAM 
to the receiver SAM shown In Fig. 94; 
Fig. 98 illustrates the data flow within the receiver 
SAM shown in Fig. 94; 

Figs. 99 and 100 are a flow chart illustrating the 
processing performed by the receiver SAM shown 
in Fig. 94; 

Fig. 101 illustrates an example of connection mod- 
els of the SAMs within the user home network 
shown in Fig. 82; 

Figs. 102 and 103 are a flow chart illustrating the 
overall operation of the EMD system shown in Fig. 
82; 

Fig. 1 04 illustrates an example of service models of 
the EMD system shown in Fig. 82; 
Fig. 1 05 illustrates distribution protocols for the se- 
cure container employed in the EMD system shown 
in Fig. 82; and 

Fig. 1 06 is a block diagram illustrating a convention- 
al EMD system. 

[0066] An electronic music distribution (EMD) system 
according to an embodiment of the present invention is 
first described below. 
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First Embodiment 

[0067] Fig. 1 is a block diagram illustrating an EMD 
system 100 constructed in accordance with an embod- 

5 iment of the present invention. 

[0068] In this embodiment, the "content data" to be 
distributed to users is digital data having meaningful in- 
formation, which is described below by taking music da- 
ta as an example. 

10 [0069] The EMD system 100 includes, as shown in 
Fig. 1 , a content provider 101 , an EMD service center 
(clearing house, may be hereinafter simply referred to 
as the "ESC") 102, and a user home network 103. 
[0070] The content provider 101, the EMD service 

*5 center 102, and secure application modules (SAMs) 
105^ through 1054 respectively correspond to a data 
providing apparatus, a data management apparatus, 
and a data processing apparatus of the present inven- 
tion. 

20 [0071 ] An overview of the EMD system 1 00 is first dis- 
cussed. The EMD system 1 00 sends to the EMD service 
center 1 02, which is a highly reliable authorizing organ- 
ization, content key data Kc used for encrypting content 
data C to be provided, UCP (UCP) data 106 indicating, 

25 for example, the license agreement conditions of the 
content data C, and digital-watermark information con- 
trol data indicating the content of digital watermark in- 
fomnation and the position in which digital watermark in- 
formation is embedded. 

30 [0072] The EMD service center 1 02 registers (authen- 
ticates or authorizes) the content key data Kc, the UCP 
data 106, and the digital-watermark information control 
data received from the content provider 101 . 
[0073] The EMD service center 1 02 also creates a key 

55 file KF, which stores the content key data Kc encrypted 
with license key data KD., through KDg of corresponding 
periods, the UCP data 106, and signature data of the 
EMD service center 102, and sends the key file KF to 
the content provider 101 . 

40 [0074] The signature data is used for verifying the in- 
tegrity of the key file KF and the identity of the creator 
of the key file KF, and the official registration of the key 
file KF in the EMD service center 102. 
[0075] The content provider 1 01 creates a content file 

45 CF by encrypting the content data C with the use of the 
content key data Kc, and distributes a secure container 
104 (corresponding to a module of the present inven- 
tion), which stores the content file CF, the key file KF 
received from the EMD service center 1 02, and the sig- 

50 nature data of the content provider 101, to the user 
home network 1 03 via a network, such as the Internet, 
or a digital broadcast, or package media, such as a re- 
cording medium. 

[0076] The signature data stored in the secure con- 
55 tainer 1 04 is used for verifying the integrity of the corre- 
sponding data and the identity of the creator and the 
sender of the data. 

[0077] The user home network 103 includes, for ex- 
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ample, a network device 160^, and audio-visual (AV) 
machines ISOg through I6O4. The network device 160^ 
has a built-in SAM 1 05^ . Th AA/ machines 1 6O2 through 
I6O4 have built-in SAMs 1062 through 1064, respective- 
ly. The SAMs 1 05^ through 1 064 are interconnected with 
each other via a bus 191 , such as an IEEE-1394 serial 
interface bus. 

[0078] The SAMs 1 05^ through 1 064 decode the se- 
cure container 104 received from the content provider 
101 online via, for example, a network, and/or the se- 
cure container 104 supplied from the content provider 

101 to the A/V machines I6O2 through I6O4 offline via 
a recording medium, by using the license key data KD^ 
through KD3 of corresponding periods, and then verify 
the signature data. 

[0079] The secure container 1 04 supplied to the SAM 
105^ through 1054 is then ready to be played back or 
recorded on a recording medium in the network device 
1 60^ and the AA/ machines 1 eOg through 1 6O4 after the 
purchase/usage mode of the secure container 104 has 
been determined by a user's operation, 
[0080] The SAMs 105^ through 1064 record the pur- 
chase/usage history of the secure container 1 04 as us- 
age log data 108, and also create usage control status 
(UCS) data 166 indicating the purchase mode. 
[0081] The usage log data 1 08 is sent from the user 
home network 103 to the EMD service center 102, for 
example, in response to a request from the EMD sen/ice 
center 102 The UCS data 166 is sent from the user 
home network 103 to the EMD service center 102, for 
example, every time the purchase mode is determined. 
[0082] The EMD service center 1 02 determines (cal- 
culates) the accounting content based on the usage log 
data 108, and settles the account, based on the calcu- 
lated accounting content, by using a settlement organi- 
zation 91 , such as a bank, via a payment gateway 90. 
According to this settlement, the payment made by the 
user of the user home network 1 03 to the settlement or- 
ganization 91 is given to the content provider 101 by the 
settlement processing performed by the EMD sen/ice 
center 1 02. The EMD service center 1 02 regularly sends 
settlement report data 1 07 to the content provider 1 01 . 
[0083] In this embodiment, the EMD service center 

1 02 has an authentication function, a key-data manage- 
ment function, and a rights processing (profit distribu- 
tion) function. 

[0084] More specifically, the EMD service center 1 02 
serves as a second certifying authority located at a layer 
lower than a root certifying authority 92, which is the 
neutral supreme authority, and authenticates public key 
data by attaching a signature to the public-key certificate 
data of the public key data by using private key data of 
the EMD service center 1 02. The public key data is used 
for verifying the integrity of the signature data in the con- 
tent provider 1 01 and the SAMs 1 05^ through 1 064. As 
stated above, the EMD service center 1 02 registers and 
authorises the. UCP data 106 of the content provider 
101 , which is also part of the authentication function of 



the EMD service center 102. 

[0085] The EMD service center 1 02 also has the key- 
data management function of managing key data, such 
as license key data KD^ through KDg. 

5 [0086] The EMD service center 1 02 also has the fol- 
lowing rights processing (profit distribution) function. 
The EMD service center 1 02 settles the account for the 
purchase and usage of the content made by the user 
based on the suggested retailer's price (SRP) stated in 

10 the authorized UCP data 106 and the usage log data 
108 input from the SAMs 105^ through 1064, and dis- 
tributes the payment made by the user to the content 
provider 101. 

[0087] Fig. 2 schematically illustrates the concept of 
'5 the secure container 1 04. 

[0088] The secure container 1 04 stores, as shown in 
Fig. 2 the content file CF created by the content provider 
1 01 and the key file KF created by the EMD service cent- 
er 102. 

20 [0089] In the content file CF, header data containing 
a header and a content ID, the content data C encrypted 
with the content key data Kc, and the signature data en- 
crypted with private key data Kcps of the content pro- 
vider 101 are stored. 
25 [0090] In the key file KF, header data containing a 
header and a content ID, the content key data Kc and 
the UCP data 106 encrypted with the license key data 
KD., through KDg, and the signature data encrypted with 
the private key data K^q^ s of the EMD sen/ice center 
30 102 are stored. 

[0091] In Fig. 2, the UCP data 106 may not be en- 
crypted with the license key data KD-, through KDg, in 
which case, the signature data encrypted with the pri- 
vate key data K^ps of the content provider 1 01 is added 
35 to the UCP data 106. 

[0092] Details of the individual elements of the EMD 
system 100 are discussed below. 

[Content provider 101] 

[0093] Before starting to communicate with the EMD 
service center 102, the content provider 101 offline reg- 
isters the public key data Kcp,p created by the content 
provider 101, the ID certificate, and the bank account 
number (for settling the account) of the content provider 
1 01 in the EMD service center 1 02, and obtains a unique 
identifier (ID number) CPJD. The content provider 101 
also receives from the EMD service center 1 02 the pub- 
lic key data Kesc.p of the EMD service center 102 and 
the public key data Kr.^a p of the root certifying authority 
92. 

[0094] The content provider 101 creates the secure 
container 1 04 which stores the content file CF and sig- 
nature data SlGg CP of the content file CF shown in Fig. 
3A, the key file KF corresponding to the content file CF 
read from a key file database 118b and signature data 
SIG7 Qp of the key file KF shown in Fig. 3B, public-key 
certificate data CER^p of the content provider 101 read 
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from a storage unit 119 and signature data SIG^ ^sc 
the public-key certificate data CERcp shown in Fig. 3C. 
[0095] The content provider 1 01 supplies online or of- 
fline the secure container 104 to the network device 
160^ of the user home network 103 shown in Fig. 1, 5 
[0096] In this manner, according to this embodiment, 
an in-band system is employed in which the public key 
certificate CERcp of the public key data Kcp,p of the con- 
tent provider 1 01 , which is stored in the secure container 
1 04, is directly sent to the user home network 1 03. This 
eliminates the need for the user home network 103 to 
communicate with the EMD service center 102 in order 
to acquire the public key certificate CERcp. 
[0097] Alternatively, in the present invention, an out- 
of-band system may be employed in which the user 
home network 1 03 may acquire the public key certificate 
CERcp ^^^^ service center 1 02 instead of stor- 

ing it in the secure container 104. 
[0098] In this embodiment, the signature data is gen- 
erated by hashing the data used for the signature in the 
content provider 101, the EMD service center 102, and 
the SAMs 105., through 1064 by using the private keys 
Kcp.s. Kesc.s. *<sami through Ksam4. respectively. The 
hash values arc generated by using hash functions. Ac- 
cording to the hash functions, the data used for signa- 
tures is input and is compressed into data having a pre- 
determined bit length, which is then output as the hash 
values. It is difficult to predict the input value from the 
hash values (output values), and when one bit of the 
input data changes, many bits of the hash values 
change. It is also difficult to search for the input data 
having the same hash value. 

[0099] Details of the individual data in the secure con- 
tainer 1 04 are as follows. 

Signature data SIG r^p 

[0100] The signature data SlGg cp 'S used at the des- 
tination of the secure container 1 04 for verifying the in- 
tegrity of the creator and the sender of the content file 
CR 

Signature data SIR ? np 

[01 01 ] The signature data S IG7 ^p 's used at the des- 
tination of the secure container 104 for verifying the in- 
tegrity of the sender of the key file KR The integrity of 
the creator of the key file KR is verified at the destination 
of the secure container 1 04 based on the signature data 
SIG^-, ESC wrthin the key file KR The signature data 
SIG^i ESC '2 used for verifying the registration of 
the key file KF in the EMD service center 1 02. 

Content file CF 

[0102] Fig. 4 illustrates details of the content file CF 
shown in Fig. 3A. 

[0103] The content file CF stores, as shown in Figs. 
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3A and 4, header data, meta data Meta encrypted with 
the content key data Kc input from an encryption unit 
114. content data C, AA/ decompression software Soft, 
and a digital watermark information module (Watermark 
Module) WM. 

[01 04] Fig. 3A illustrates the configuration of the con- 
tent file CF when a digital signal processor (DSP) is used 
as an A/V compression/decompression device for de- 
compressing the content data C. The DSP decompress- 
es the content data C within the secure container 104 
and embeds and detects digital watermark information 
by using the AA/ decompression software and the digital 
watemnark infomnation module within the secure con- 
tainer 1 04. This enables the content provider 1 01 to em- 
ploy a desired compression method and an embedding 
method for digital watemnark infonnation. 
[0105] If hardware or prestored software is used as 
an AA/ compression/decompression device for decom- 
pressing the content data C and for embedding and de- 
tecting digital watermark information, the AA/ decom- 
pression software and the digital watennark information 
module may not be stored within the content file CR 
[0106] The header data contains, as shown in Rig. 4, 
a synchronization signal, a content ID, signature data 
obtained by the private key data Kqps of the content 
provider 101 for verifying the content ID, directory infor- 
mation, hyperiink information, information concerning 
the serial number, the effective period and the creator 
of the content file CF, the file size, the encryption flag, 
the encryption algorithm, and the signature algorithm, 
and signature data obtained by the private key data 
Kcp,s of the content provider 1 01 for verifying the direc- 
tory information. 

[0107] The meta data Meta includes, as shown in Rig. 
4, the description of a product (i.e., content data C), ad- 
vertisement infomnation for product demonstration,, 
product- related information, and signature data of the 
content provider 1 01 for verifying the above infonnation. 
[0108] In the present invention, the meta data Meta is 
sent while being stored in the content file CF, as shown 
in Figs. 3A and 4. Alternatively, instead of storing the 
meta data Meta in the content file CF, the meta data Me- 
ta may be transmitted from the content provider 101 to, 
for example, the SAM 1 05-i via a path different from the 
path for sending the content file CF. 
[01 09] The content data C is obtained in the following 
manner. Source digital watermark information (Source 
Watermark) Ws, copy control digital watermark informa- 
tion (Copy Control Watermark) Wq, user digital water- 
mark information (User Watermark) Wy, and link digital 
watemnark information (Link Watennark) Wi_, etc., are 
embedded into content data read from, for example, a 
content master source database. Then, the content data 
is compressed according to a voice compression meth- 
od, such as adaptive transfomn acoustic coding 3 
(ATRAC3) (brand name), and is encrypted according to 
a common key cryptosystem, such as the data encryp- 
tion standard (DES) or Triple DES, by using a content 
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key Kc as the common key. 

[0110] The content key data Kc is obtained by, for ex- 
ample, generating a random number having a predeter- 
mined number of bits by using a random number gen- 
erator. The content key data Kc may be generated from 
information concerning a music piece provided by the 
content data. The content key data Kc is regularly up- 
dated. 

[01 11 ] In the presence of a plurality of content provid- 
ers 1 01 , the content key data Kc unique to each content 
provider 1 01 may be used, or the common content data 
Kc may be used for all the content providers 101. 
[0112] Source digital watermark information Wg indi- 
cates information concerning the copyright, such as the 
name of the copyright holder of the content data, the 
International Standard Recording Code (ISRC), the au- 
thoring date, the authoring machine identification data 
(ID), and the distribution destination of the content. 
[01 13] The copy control digital watermark information 
Wc indicates information including a copy prohibit bit for 
preventing a copying operation via an analog interface. 
[0114] The user digital watennark Infonnation Wjj 
contains, for example, the identifier CPJD of the con- 
tent provider 101 for specifying the distribution source 
and the distribution destination of the secure container 
1 04, and the identifier SAM JD^ through S AM_ID4 of the 
SAMs 1 05i through 1 064, respectively, of the user home 
network 103. 

[0115] The link digital watennark information Wl in- 
cludes, for example, the content ID of the content data 
C. By embedding the link digital watermark information 
Wl into the content data C, even for the content data C 
distributed via an analog broadcast, such as a television 
broadcast or an amplitude modulation (AVI)/frequency 
modulation (FM) radio broadcast, in response to a re- 
quest from the user, the EMD service center 1 02 is able 
to introduce the content provider 1 01 , which handles the 
content data C, to the user. That is, the receiving side 
of the content data C detects the link digital watermark 
infonnation Wl embedded into the content data C by 
using a digital watermark information decoder, and 
sends the detected content ID to the EMD service center 
102. This enables the EMD service center 102 to intro- 
duce the content provider 1 01 , which handles the con- 
tent data C, to the user. 

[0116] More specifically, It is now assumed that the 
user listens to a piece of music on air in an automobile 
and finds it interesting, and presses a predetermined 
button. Then, a digital watennark information decoder 
integrated in the radio detects the content ID contained 
in the link digital watennark information Wl embedded 
into the content data C and the communication address 
of the EMD service center 102 which registers the con- 
tent data C. The digital watermark information decoder 
then records the detected data on a medium SAM load- 
ed in a portable medium, for example, a semiconductor 
memory, such as, a Memory Stick (brand name), or an 
optical disc, such as, a mini disc (MD) (brand name). 



The portable medium is then set in a network device 
loaded with a SAM connected to a network. After per- 
forming mutual authentication between the SAM and the 
EMD service center 1 02, the ID information stored in the 

5 medium SAM and the recorded content ID are sent from 
the network device to the EMD service center 102. 
Then, the network device receives a list of content pro- 
viders which handle the content data C, such as the con- 
tent provider 1 01 , from the EMD service center 1 02. 

10 [0117] Alternatively, in response to the content ID 
from the user, the EMD service center 102 may send 
information of the user to the content provider 101, 
which handles the content data C corresponding to the 
content ID. Upon receiving the above-mentioned infor- 

f5 matlon, if the user is found to have already made a con- 
tract with the content provider 1 01 , the content provider 

1 01 may send the content data C to the network device 
of the user, If not, the content provider 101 may send 
promotion infomnation of the content provider 1 01 to the 

20 network device of the user, 

[01 18] In a second embodiment (described below) of 
the present invention, based on the link digital water- 
mark infonnation Wl, the EMD service center 102 is 
able to introduce a service provider 310, which handles 

25 the content data C, to the user. 

[0119] Preferably in the first embodiment, the content 
and the embedding position of the digital watermark in- 
formation may be defined as the digital watermark infor- 
mation module WM, which may be registered and man- 

30 aged in the EMD service center 102. The digital water- 
mark information module WM is used for verifying the 
digital watennark information by, for example, the net- 
work device 160^ and the AA/ machines I6O2 through 
I6O4 within the user home network 103. 

55 [0120] More specifically, the user home network 103 
detemnlnes based on the user digital watermark infor- 
mation module WM managed by the EMD service center 

1 02 whether the content and the embedding position of 
the digital watermark information detected by the user 

40 home network 1 03 coincide with those managed by the 
EMD service center 102. If the detected information 
matches that of the EMD service center 1 02, the digital 
watennark information is detennined to be legal, it is 
thus possible to detect illegally embedded digital water- 

45 mark information with high probability 

[0121] The AN decompression software Soft, which 
may be ATRAC3 decompression software, is used for 
decompressing the content file CF in the network device 
I6O1 and the AA/ machines I6O2 through I6O4 of the 

50 user home network 1 03. 

[0122] This enables the SAMs 105^ through IO54 to 
decompress the content data C simply by using the A/ 
V decompression software stored in the secure contain- 
er 104. Accordingly even if different compression/de- 

55 compression methods are set for the individual items of 
content data C or for the individual content providers, a 
heavy burden of decompressing the content data C is 
not imposed on the user. 
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[0123] The content file CF nnay contain, as shown in 
Fig. 4, a file reader and signature data for verifying the 
file reader by using a private key K^pg. This enables the 
SAMs 1 05^ through 1 064 to efficiently process a plurality 
of different types of secure containers 104 which store 
the different formats of content files CF. 
[0124] The file reader is used for reading the content 
file CF and the corresponding key file KF, and indicates 
the reading procedure of these files. 
[0125] In this ennbodiment, it is assumed that the file 
reader has been sent from the EMD service center 1 02 
to the SAMs 105^ through 1064, and thus, the content 
file CF of the secure container 1 04 does not store a file 
reader. 

[0126] In this embodiment, the encrypted content da- 
ta C is stored in the secure container 104 without de- 
pending on factors, such as the compression flag, i.e., 
whether the content data C is compressed, the com- 
pression method of content data C, the encryption meth- 
od (including the common key cryptosystem and the 
public key cryptosystem), the signal source of the con- 
tent data C (for example, the sampling frequency), and 
the signature-data creating method (algorithm). That is, 
tho above-doscribed factors can be determined at the 
discretion of the content provider 101 . 

Key file KF 

[0127] Fig. 5 illustrates details of the key file KF shown 
in Fig. SB. 

[0128] In this embodiment, for example, after regis- 
tration processing is performed by sending a registration 
module Mod2 from the content provider 1 01 to the EMD 
service center 102, as shown in Fig. 6, the key file KF 
for six months, for example, is sent from the EMD serv- 
ice center 102 to the content provider 1 01 and is stored 
in a key file database. In sending and receiving the reg- 
istration module Mod2 and the key file KF, mutual au- 
thentication is performed between the content provider 
101 and the EMD service center 102, and the registra- 
tion module Modg and the key file KF are encrypted and 
decrypted by using session key data Ks^s- 
[01 29] The key file KF is provided for each content da- 
ta C, and is linked to the corresponding content file CF 
according to directory structure data DSD within the 
header of the content file CF, which is discussed in detail 
below. 

[0130] The key file KF stores, as shown in Figs. SB 
and 5, a header, content key data Kc, the UCP data (li- 
cense agreement conditions) 106, SAM program down- 
load containers SDC^ through SDC3, and signature data 

^'*^K1.ESC- 

[0131] The signature data obtained by using the pri- 
vate key K^sc s the EMD service center 102 may be 
signature data SIG^^^ for all the data stored in the 
key file KF, as shown in Fig. SB. Alternatively, the sig- 
nature data may be separately provided, as shown in 
Fig. 5, for infomnation from the header to the key file, for 
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the content key Kc and the UCP data 106, and for the 
SAM program download containers SDC. 
[0132] The content key data Kc and the UCP data 
106, and the SAM program download containers SDC^ 

5 through SDC3 are encrypted with the use of the license 
key data KD^ through KDg of corresponding periods. 
[0133] The UCP data 106 may not be stored in the 
key file KF, in which case, it is provided with signature 
data without being encrypted by the license key data. 

10 [0134] The header data contains, as shown in Fig. 5, 
a synchronization signal, a content ID, signature data 
for verifying the content ID by using the private key 
Kesc.s EMD service center 1 02, directory struc- 

ture data, hyperlink data, information concerning the key 

^5 file KF, and signature data for verifying the directory 
structure data by using the private key Kgsc.s 
EMD service center 102. 

[01 35] Various types of information may be contained 
in the header data, and may be variable according to 
20 the situation. For example, information shown in Fig. 7 
may be contained. 

[0136] The content ID may store information shown 
in Fig. 8. The content ID is created in the EMD service 
center 1 02 or the content provider 1 01 , and the signa- 
ls ture data obtained by using the private key data K£sc s 
of the EMD service center 102, as shown in Fig. 8, or 
the signature data obtained with the private key data 
K^ps of the content provider 1 01 is attached to the con- 
tent ID. The content ID may be created either in thecon- 
30 tent provider 101 or the EMD service center 102. 

[01 37] The directory structure data represents a rela- 
tionship among the content files CF and a relationship 
between the content file CF and the key file KF within 
the secure container 104. 
55 [0138] For example, if content files CF^ through CF3 
and the corresponding key files KF., through KF3 are 
stored in the secure container 104, a link between the 
CF^ through CF3 and a link between the content files 
CF^ through CF3 and the key files KF^ through KF3 are 
40 established, as shown in Fig. 9, by the directory struc- 
ture data. 

[0139] The hyperlink data represents a hierarchical 
structure of the key file KF and a relationship between 
the content files CF and the key files KF by considering 

45 all the files inside and outside the secure container 1 04. 
[0140] More specifically, address information to be 
linked and the authentication value (hash value) thereof 
are stored, as shown in Fig. 10, in the secure container 
104 for each content file CF and for each key file KF. 

50 The hash value of one content file CF or one key file KF 
obtained by a hash function H(x) is then compared with 
that of another file C For another key file KFto be linked, 
thereby verifying the link between the files. 
[0141] The UCP data 106 is a descriptor which de- 

55 fines the operation rules of the content data C, for ex- 
ample, the suggested retailer's price (SRP) and the cop- 
ying rules desired by the operator of the content provider 
101. 
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[01 42] More specifically, the UCP data 1 06 contains, 
as shown in Fig. 5, a content ID, an identifier of the con- 
tent provider 101 CP_ID, the effective date of the UCP 
data 106, the connmunication address of the EMD serv- 
ice center 102, use-space research information, the 
SRP, the usage policy, the UCS Information, the UCS 
infonnation for demonstrating the product, and signa- 
ture data for the above-described information. 
[0143] The UCS information indicates an accepted 
purchase mode selected from various purchase modes, 
for example, redistribution, pay per use, sell through, 
time limited sell through, sell through pay per play N, 
pay per time, pay per use for a SCMS device, pay per 
block, etc. 

[0144] In the second embodiment, which is discussed 
below, in sending a secure container 304 to a user home 
network 303 via a service provider 310, the UCP data 
106 contains the identifier of the service provider 310 
SPJD which is provided with the secure container 1 04 
by a content provider 301 . 

[0145] The SAM program download containers SDC^ 
through SDC3 stores, as shown in Fig. 5, a download 
driver indicating the procedure for downloading the pro- 
grams within the SAMs 1 05^ through 1 064, a label read- 
er, such as UCP-L (label). R (Reader), representing the 
syntax (grammar) of the UCP data U106, lock key data 
for locking or unlocking of the writing and the erasing of 
each block data stored in a storage unit 1 92 (a flash read 
only memory (ROM), such as a mask ROM 1104 or a 
non-volatile memory 1105) built in each of the SAMs 
105i through 1064, and signature data for the above- 
described information. The mask ROM 11 04 or the non- 
volatile memory 1 1 05 controls the writing and the eras- 
ing of the storage data in units of blocks based on the 
lock key data. 

[01 46] A description is now given of the mode in which 
the secure container 104 is supplied from the content 
provider 101 to the user home network 103. 
[0147] As discussed above, the content provider 1 01 
supplies the secure container 1 04 online or offline to the 
user home network 103. 

[0148] When the content provider 101 supplies the 
secure container 1 04 online to the network device 160^ 
of the user home network 103, the following process is 
taken. The content provider 1 01 mutually authenticates 
with the network device 1 60^ so as to share the session 
key (common key) Kqes, and encrypts the secure con- 
tainer 104 by using the session key Kg^s and sends it 
to the EMD service center 102. The session key Kses 
is newly created every time mutual authentication is per- 
formed. 

[01 49] As the communication protocol for sending the 
secure container 1 04, a Multimedia and Hypermedia in- 
formation coding Experts Group (MHEG) protocol is 
used for a digital broadcast, or extensible markup lan- 
guage (XML), synchronized multimedia integration lan- 
guage (SMIL), or hypertext markup language (HTML) 
may be used for the Internet. The secure container 1 04 



is embedded within the corresponding protocol accord- 
ing to a tunneling technique without depending on the 
coding method. 

[01 50] Accordingly, the format of the secure container 
5 104 does not have to match the communication proto- 
col, thereby increasing the flexibility in selecting the for- 
mat of the secure container 104. 
[0151] The communication protocol used for sending 
the secure container 1 04 from the content provider 1 01 
10 to the user home network 103 is not restricted to the 
above-described protocols. 

[0152] In this embodiment, as the modules built in the 
content provider 101 , the EMD service center 1 02, and 
the network device 160^ for communicating with each 
^5 other, tamper-free or high tamper-resistant communica- 
tion gateways which are protected from being monitored 
are used. 

[0153] Incontrast, when the content provider 101 sup- 
plies the secure container 104 offline to the user home 

20 network 1 03, the secure container 1 04 is recorded on a 
recording medium (ROM or RAM), which is discussed 
in detail below, and the contents of the ROM or RAM is 
then supplied to the user home network 1 03 via a com- 
munication path. 

25 [0154] Fig. 11 illustrates a recording medium (ROM) 
130-1 used in this embodiment. 

[0155] The recording medium (ROM) 130^ has a 
ROM area 131 , a secure RAM area 132, and a medium 
SAM 133. The content file OF shown in Fig. 3A is stored 

30 In the ROM area 131. 

[0156] The secure RAM area 1 32 is an area which re- 
quires a predetermined pennission (authentication) to 
make access, and stores signature data created by us- 
ing as arguments the key file KF shown in Fig. 3B, the 

35 public-key certificate data CERcp shown in Fig. 30, and 
storage key data Kgrp having a unique value according 
to the type of machine, by utilizing a message authen- 
tication code (MAC) function . The secure RAM area 1 32 
also stores data obtained by encrypting the key file KF 

40 and the public-key certificate data CERcp by using me- 
dium key data K^^p having a value unique to the re- 
cording medium. 

[0157] The secure RAM area 132 also stores public 
key certificate revocation data for specifying the content 
45 provider 101 and the SAMs 105^ through 1064 which 
have become invalid due to an Illegal action. 
[0158] In communicating between the medium SAM 
used in this embodiment and a medium drive SAM 260, 
which is discussed below, one SAM compares its revo- 
ke cation list with that of the other SAM and determines 
when the lists were created. The revocation list created 
earlier is updated by the other revocation list. 
[01 59] The secure RAM area 1 32 stores th e UCS data 
166 which is created when the purchase/usage mode 
55 of the content data C is determined in the SAMs 1 05-, 
through 1064 of the user home network 103. By storing 
the UCS data 166 in the secure RAM area 132, the re- 
cording medium (ROM) 130-, in which the purchase/us- 
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age mode is determined can be provided. 
[0160] The medium SAM 133 stores, for example, the 
media ID, which is the identifier of the recording medium 
(ROM) 130^, and the medium key data K,^ed- "The rne- 
dium SAM 133 has, for example, a mutual authentica- 5 
tion function. 

[0161] The recording medium (ROM) usable in this 
embodiment may also be a recording medium (ROM) 

1302 shown in Fig. 12 or a recording medium (ROM) 

1303 shown in Fig. 13. 

[0162] The recording medium (ROM) 13O2 illustrated 
in Fig. 12 has a ROM area 1 31 and a medium SAM 1 33 
having an authentication function, but is not provided 
with a secure RAM area 132, unlike the recording me- 
dium (ROM) 130^ shown in Fig. 11 . If the recording me- 
dium (ROM) 13O2 is used, the content file OF is stored 
in the ROM area 131 and the key file KF is stored in the 
medium SAM 133. 

[0163] The recording medium (ROM) I3O3 illustrated 
in Fig. 13 has a ROM area 131 and a secure RAM area 
1 32, but is not provided with a medium SAM 1 33, unlike 
the recording medium (ROM) 130^ shown in Fig. 11. If 
the recording medium (ROM) I3O3 is used, the content 
file OF is stored in the ROM area 131 , and the key file 
KF is stored in the secure RAM area 1 32. Authentication 
is not performed with the corresponding SAM. 
[0164] Instead of a ROM recording medium, a RAM 
recording medium may be employed in this embodi- 
ment. 

[0165] As the RAM recording medium usable in this 
embodiment, a recording medium (RAM) 13O4 having a 
medium SAM 133, a secure RAM area 132, and an un- 
secured RAM area 134 may be used, as shown in Fig. 
14. In this recording medium (RAM) 13O4, the medium 
SAM 1 33 has an authentication function, and the secure 
RAM area 132 stores the key file KF. The unsecured 
RAM area 134 stores the content file OF. 
[0166] Alternatively, a recording medium (RAM) 13O5 
shown in Fig. 15 and a recording medium (RAM) 1306 
shown in Fig. 16 may be employed. 
[0167] The recording medium (RAM) 13O5 shown in 
Fig. 15 includes an unsecured RAM area 134 and a me- 
dium SAM 133 having an authentication function, but is 
not provided with a secure RAM area 132, unlike the 
recording medium (RAM) I3O4 shown in Fig. 14. In us- 
ing the recording medium (RAM) I3O5, the content file 
OF is stored in the unsecured RAM area 134, and the 
key file KF is stored in the medium SAM 133. 
[0168] The recording medium (RAM) 1 SOg includes a 
secure RAM area 1 32 and an unsecured RAM area 1 34, 
but is not provided with a medium SAM 133, unlike the 
recording medium (RAM) 13O4 shown in Fig. 14, In us- 
ing the recording medium (RAM) ISOg. the content file 
CF is stored in the unsecured RAM area 134, and the 
key file KF is stored in the secure RAM area 132. Au- 
thentication is not performed with the corresponding 
SAM. 

[0169] As stated above, regardless of whether the 
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content data C is distributed online via a network or of- 
fline using, for example, the recording medium 130^ 
from the content provider 1 01 to the user home network 
103, the common fonmat of the secure container 104 
which stores the UGP data 106 is used for distributing 
the content data C. This enables the SAMs 105., through 
1054 of the user home network 103 to perform rights 
processing based on the common UGP data 106. 
[0170] As also discussed above, in this embodiment, 
the in-band system is employed in which the content da- 
ta C encrypted with the content key data Kc is stored 
together with the content key data Kc for decrypting the 
content data 0 in the secure container 104. According 
to this in-band system, it is not necessary to separately 
distribute the content key data Kc when the user home 
network 103 plays back the content data C, thereby re- 
ducing the burden in network communication. The con- 
tent key data Kc is encrypted with the license key data 
KD^ through KDg. However, the license key data KD^ 
through KDg are managed in the EMD service center 
1 02 and have already been distributed to the SAMs 1 05-, 
through IO54 of the user home network 103 when the 
SAMs 105-, through IO54 first accessed the EMD serv- 
ice center 1 02. This enables the user homo network 1 03 
to use the content data C offline without accessing the 
EMD service center 102 online. 

[0171] tn the present invention, the out-of-band sys- 
tem may be employed in which the content data C and 
the content key data Kc are separately supplied to the 
user home network 103, which will be described below. 
[01 72] The process for creating the secure container 
104 by the content provider 101 is as follows. 
[01 73] Figs. 1 7 through 1 9 are a flow chart illustrating 
the above-described process, 

[0174] In step S17-1 (Fig, 17), the content provider 
101 registers offline in the EMD service center 102 by 
using the ID certificate of the content provider 1 01 or the 
bank account for settling the account, and acquires the 
globally unique identifier GPJD. The content provider 
1 01 has already obtained the public key certificate CER- 
cp of the content provider 101 from the EMD service 
center 102. 

[0175] In step SI 7-2, the content provider 101 then 
digitizes content master sources, such as content data 
to be authored and prestored legacy content data, and 
assigns the content IDs to such data. The content mas- 
ter sources are then stored in a content master source 
database and are centrally managed. 
[0176] Then, in step SI 7-3, the content provider 101 
creates meta data Meta for each of the centrally man- 
aged content master sources and stores it in a meta da- 
tabase. 

[0177] Subsequently, in step SI 7-4, the content pro- 
vider 101 reads content data, i.e., a content master 
source, from the content master source database, and 
embeds digital watermark information in the content da- 
ta. 

[0178] In step SI 7-5, the content provider 1 01 stores 
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the content and the ennbedding position of the digital wa- 
termark information embedded in step S17-4 in a pre- 
determined database. 

[0179] Then, in step S17-6, the content data having 
the embedded digital watermark infomnation is com- 
pressed. 

[0180] In step S1 7-7, the content provider 101 creates 
content data by decompressing the content data com- 
pressed in step SI 7-6. 

[0181] In step S17-8, the content provider 101 per- 
forms an audio check on the compressed content data. 
[0182] Thereafter, in step SI 7-9. the content provider 
101 detects the digital watemnark embedded into the 
content data based on the content and the embedding 
position of the digital watermark information stored in 
the database in step 817-5. 

[01 83] If both the audio check and the detection of the 
digital watermark information have been successfully 
performed, the content provider 1 01 executes process- 
ing of step 817-10 (Fig. 18). If either of the above-de- 
scribed processing has failed, the processing of step 
SI 7-4 is repeated. 

[0184] In step S17-10, the content provider 101 gen- 
erates a random number to create the content key data 
Kc and retains it. The content provider 1 01 also encrypts 
the content data compressed in step S1 7-6 by using the 
content key data Kc. 

[0185] In step S17-11, the content provider 101 cre- 
ates the content file CF shown in Fig. 3A and stores it 
in the content file database. 

[0186] Then, Instep 817-12, the content provider 101 
creates the UCP data 106 concerning the content data 
C. 

[0187] In step S17-13, the content provider 101 de- 
termines the SRP and stores it in the database. 
[0188] In step S17-14, the content provider 101 out- 
puts the content ID, the content key data Kc, and the 
UCP data 106 to the EMD service center 102. 
[01 89] Subsequently, in step 81 7-1 5, the content pro- 
vider 101 receives the key file KF encrypted with the li- 
cense key data KD^ through KD3 from the EMD service 
center 102. 

[0190] In step 81 7-1 6, the content provider 101 stores 
the received key file KF in the key file database. 
[0191] In step 817-17 (Fig. 19), the content provider 
1 01 hyperlinks the content file CF and the key file KF 
[0192] In step 817-18, the content provider 101 cre- 
ates the signature data SIGq from the hash value of 
the content file CF by using the private key data K^pg. 
The content provider 1 01 also creates the signature da- 
ta SIG7 CP ^^ovn the hash value of the key file KF by using 
the private key data K^ps- 

[0193] Instep SI 7-1 9,' the content provider 101 gen- 
erates the secure container 1 04 storing the content file 
CF, the key file KF, the public-key certificate data CER- 
cp, the signature data SIGg ^p. SIG^ cp. and SIG^ esc. 
as shown in Figs. 3A through 3C. 
[0194] If it is desired that content data is provided in 



a composite format including a plurality of secure con- 
tainers, each secure container 1 04 is created by repeat- 
ing the processes in step 81 7-1 through 817-19. Then, 
in step 817-20, a relationship between the content files 
5 CF and the key files KF is hyperlinked, and also a rela- 
tionship between the content files CF is hyperlinked. 
[0195] Thereafter, in step 81 7-21 , the content provid- 
er 101 stores the created secure container 104 in the 
secure container database. 

10 

[EMD service center 102] 

[0196] Fig. 20 illustrates the basic functions of the 
EMD service center 1 02. Primanly as shown in Fig. 20, 

15 the EMD center 1 02 supplies the license key data to the 
content provider 101 and the SAMS 105^ through 1064, 
issues public-key certificate data CERcp, and CERqami 
through CERsam4, creates the key file CF, and performs 
payment settlement (profit distribution) based on the us- 

20 age log data 108. 

Supply of license key data 

[0197] A description is first given of the process for 
25 sending the license key data from the EMD service cent- 
er 1 02 to the SAMs 1 05^ through 1 064 of the user home 
network 103. 

[0198] The EMD service center 102 reads the license 
key data KD^ through KD3 regularly, for example, for 
30 three months, from the key database, and creates the 
signature data SIGkdi.esc through SIGkds.esc ^rom the 
hash values by using the private key data K^scs of the 
EMD service center 1 02. 

[01 99] The EMD service center 1 02 then encrypts the 
35 license key data KD^ through KD3 for three months and 
the signature data SIGkdi.esc through SIGkds.esc by 
using the session key data Kqes, which is obtained by 
performing mutual authentication with the SAMs 105^ 
through 1064, and sends the encrypted data to the 
40 SAMS 1 05^ through 1 064. 

[0200] Similarly the EMD service center 102 sends, 
for example, the license key data KD-, through KDg for 
six months, to the content provider 101 . 

45 Issuing of public-key certificate data 

[0201] A description is given below of he process to 
be executed when the EMD service center 1 02 receives 
a request to issue the public-key certificate data CERqp 

50 from the content provider 101. 

[0202] Upon receiving the identifier of the content pro- 
vider 101 CP„ID, the public key data K^pp, and the sig- 
nature data SIG9 QP from the content provider 101 , the 
EMD service center 102 decrypts such data by using 

55 the session key data Kg^g obtained by perfomning mu- 
tual authentication with the content provider 1 01 . 
[0203] After verifying the integrity of the decrypted 
signature data SIGq^p, the EMD service center 102 
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makes a determination, based on the identifier CP_ID 
and the public key data Kcp,p, whether the content pro- 
vider 1 01 , which has requested the issuing of the public- 
key certificate data, is registered in a CP database. 
[0204] Then, the EMD service center 102 reads the 
X. 509-format public-key certificate data CERcp of the 
content provider 101 from the certificate database, and 
creates the signature data SIG^ from the hash value 
of the public-key certificate data CERcr by using the pri- 
vate key Kesc.s °f EtsAD service center 1 02. 
[0205] The EMD service center 102 encrypts the pub- 
lic-key certificate data CERqp and the signature data 
SIG^ ^3Q by using the session key data Kg^g obtained 
by performing mutual authentication with the content 
provider 101 , and sends the encrypted data to the con- 
tent provider 101 . 

[0206] The process to be performed when the EMD 
service center 102 receives a request from the SAM 
105^ to issue the public-key certificate data CERs;^(^-| is 
similar to that when receiving a request to issue the pub- 
lic-key certificate data CERqp from the content provider 
101 , except that processing is performed with the SAM 
105^. The public-key certificate data CER3AM1 'S also 
described in X. 509 format. 

[0207] In the present invention, if it is designed that 
the private key data Ks/^i^-, 3 and the public key data 
KsAMi,p stored in a storage unit of the SAM 1051 
when shipping the SAM 1 05^ , the EMD service 1 02 may 
create the public-key certificate data CERs^^^^^ of the 
public key data Kg^Mip when shipping the SAM 105^ 
In this case, the created public-key certificate data 
CERsAMi iT^^y be stored in the storage unit of the SAM 
1 05^ when shipping the SAM 1 05^ . 

Creating of key file KF 

[0208] Upon receiving the registration module Moda 
shown in Fig. 6 from the content provider 1 01 , the EMD 
service center 102 decodes the registration module 
Mod2 by using the session key Kg^g obtained by con- 
ducting mutual authentication with the content provider 
101. 

[0209] The EMD service center 102 then verifies the 
integrity of the signature data SIG^^ cp using the 
public key data K^pp read from the key database. 
[0210] Subsequently, the EMD service center 102 
registers in the UCP database the UCP data 106, the 
content key data Kc, the digital watermark information 
control data WM, and the SRP stored in the registration 
module Mod2. 

[021 1 ] The EMD service center 1 02 encrypts the con- 
tent key data Kc, the UCP data 106, and the SAM pro- 
gram download containers SDC^ through SDC3 by us- 
ing the license key data KD^ through KDg of correspond- 
ing periods read from a key server. 
[0212] The EMD service center 1 02 then creates the 
signature data SIGj^^^sc ^^om the hash values of the 
header data, the content key data Kc, the UCP data 1 06, 



and the SAM program download containers SDC, 
through SDC3 by using the private key data K^sq 3 of 
the EMD service center 102. 

[0213] In this manner, the EMD service center 102 
5 creates the key file KF shown in Fig. 3B and stores it in 
the KF database. 

[0214] Thereafter, the EMD service center 1 02 reads 
the key file KF from the KF database and encrypts it by 
using the session key data KgEs obtained by conducting 
10 mutual authentication with the content provider 1 01 , and 
then sends it to the content provider 101 . 

Settlement processing 

^5 [0215] Payment settlement perfomned in the EMD 
service center 102 is as follows. 

[0216] Upon receiving from, for example, the SAM 
105^ of the user home network 1 03, the usage log data 
108 and signature data SIG2oo,sami thereof, the EMD 

20 service center 1 02 decrypts such data by using the ses- 
sion key data Ks^s obtained by performing mutual au- 
thentication with the SAM 105^, thereby verifying the 
signature data SIG2oo,sami created by the public key da- 
ta KsAMi of the SAM ios^. 

25 [0217] Fig. 21 illustrates data described in the usage 
log data 108. The usage log data 108 contains, as illus- 
trated in Fig. 21 , for example, an ESC_content ID, which 
is a globally unique identifier provided by the EMD serv- 
ice center 102, for the content data C stored in the se- 

30 cure container 104, a CP_content ID, which is a globally 
unique identifier provided by the content provider 1 01 , 
for the content data C, a user ID, which is an identifier 
of the user who has received the secure container 1 04, 
user information, a SAM_ID, which is an identifier of 

35 each of the SAMs 105^ through IO54 received the se- 
cure container 104, a HNGJD, which is an identifier of 
a home network group to which the corresponding SAM 
belongs, discount information, tracing information, a 
price tag, a CP_ID of the content provider 1 01 which has 

40 provided the content data C, a service provider (portal) 
ID, a hardware provider ID, an identifier of a recording 
medium Media_ID which records the secure container 
104, a component ID, which is an identifier of a prede- 
termined component, such as a compression method 

45 for the secure container 104, an identifier of a license 
owner LHJD of the secure container 104, an identifier 
of the EMD service center 1 02 ESC_ID which performs 
payment settlement of the secure container 104. 
[0218] In the second embodiment, which is discussed 

50 below, in addition to the above-described data con- 
tained in the usage log data 108, usage log data 308 
includes an identifier SP_content ID provided by the 
service provider310 for the content data C, and an iden- 
tifier of the service provider 310 SP_ID which has dis- 
ss tributed the content data C. 

[0219] If it is necessary that the payment made by the 
user of the user home network 103 is distributed to 
neighboring rights holders other than the content pro- 
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vider 1 01 , for example, license owners for the compres- 
sion method, the recording medium, etc., the EMD serv- 
ice center 102 detennlnes the amount of payment ac- 
cording to a predetermined distribution rate, and creates 
the settlement report data and settlement request data 5 
1 52 based on the detemnined amounts of payment. The 
distribution rate may be created for each content data 
stored in the secure container 104. 
[0220] Thereafter, the EMD service center 1 02 per- 
forms payment settlement based on the SRP and the io 
sales price contained in the UCP data 1 06 read from the 
UCP database and also based on the usage log data 
108, and creates the settlement request data 152 and 
the settlement report data 107. 

[0221 ] The settlement request data 1 52 is authorized is 
data which can request the payment from the settlement 
organization 91 based on the aforementioned data, and 
if the payment made by the user is to be distributed to 
a plurality of rights holders, the settlement request data 
1 52 is created for each rights holder. 20 
[0222] The EMD service center 1 02 then decrypts the 
settlement request data 152 and signature data SIG99 
thereof through mutual authentication and using the 
session key data K^^^, and then sends them to the set- 
tlement organization 91 via the payment gateway 90 ^s 
shown in Fig. 1 . 

[0223] Accordingly, the amount of payment indicated 
in the settlement request data 1 52 is paid to the content 
provider 101 . 

[0224] The EMD service center 1 02 sends the settle- 30 
ment report data 1 07 to the content provider 1 01 . 

[User home network 1 03] 

[0225] The user home network 1 03 has, as illustrated 35 
in Fig. 1 , the network device 1 60^ and the AA/ machines 
I6O2 through I6O4. The network device 160^ has the 
built-in SAM 1 05^ . The AA/ machines 1 6O2 through 1 6O4 
have the built-in SAMs 1052 through IO54, respectively 
The SAMs 1052 through 1064 are connected to each 40 
other via the bus 1 91 , for example, an IEEE-1 394 serial 
interface bus. 

[0226] A network communication function may be 
provided for the AA/ machines leOg through I6O4. 
though it is not essential. If a network communication 45 
function is not provided, the A/V machines 1 6O2 through 
I6O4 may simply use the network communication func- 
tion of the network device 1601 via the bus 191. Alter- 
natively, the user home network 103 may include only 
A/V machines without a network function. so 
[0227] Details of the network device 1 60^ are as fol- 
lows. 

[0228] Fig. 22 is a block diagram of the network device 
160^. The network device 160-, is formed of the SAM 
150^, a communication module 162, an A/V compres- ss 
sion/decompression SAM 163, an operation unit 165, a 
download memory 167, a playback module 169, an ex- 
ternal memory 201 , and a host central processing unit 



(CPU) 810. 

[0229] The host CPU 810 centrally controls the 
processing executed within the network device I6O1, 
and the host CPU 81 0 and the SAM 1 05^ have a master- 
slave relationship. 

[0230] The relationship between the host CPU 810 
and the SAM 105^ is discussed in detail below with ref- 
erence to Fig, 23. 

[0231] In the network device 160^, as shown in Fig. 
23, the host CPU 810 and the SAM 105^ are connected 
via a host CPU bus 1000. 

[0232] When one of a plurality of interrupt types is se- 
lected according to the operation performed on the op- 
eration unit 165 by the user, the host CPU 810 receives 
an external interrupt (hardware interrupt) S165 indicat- 
ing the selected interrupt. 

[0233] If the task corresponding to the interrupt SI 65 
is found to be executed by the SAM 1 05^ , the host CPU 
810 outputs an internal interrupt (software interrupt) 
S810 indicating the task to the SAM 105^ via the host 
CPU bus 1000. 

[0234] Then, the SAM 105-, is recognized as an input/ 
output (I/O) device by the host CPU 810, and upon re- 
ceiving the internal interrupt 8810, which is a function 
call, from the host CPU 810, the SAM 1 05^ executes the 
requested task and returns the execution result to the 
host CPU 810. 

[0235] The major tasks executed by the SAM 105^ 
may include processing for purchasing content data (ac- 
counting processing), signature checking, mutual au- 
thentication, playback of content data, updating, regis- 
tration, downloading, etc. Such tasks are processed 
within the SAM 105^ while being completely shielded 
from an external source, thereby preventing the host 
CPU 810 from monitoring the processed result. 
[0236] The host CPU 810 knows which tasks should 
be requested to the SAM 105^ according to the type of 
event. More specifically, upon receiving the external in- 
terrupt SI 65 by the user's operation performed on the 
operation unit 165, such as an external key device, the 
host CPU 81 0 detennines that the task by the external 
interrupt S 1 65 is to be executed by the SAM 1 05^ . Then , 
the host CPU 81 0 outputs the internal interrupt S81 0 to 
the SAM 105^ via the host CPU bus 1000 so as to re- 
quest it to execute the task. 

[0237] Interrupts from an I/O device, such as an ex- 
ternal key device, for example, a commander or a key- 
board, to the host CPU 810 occur asynchronously with 
a user program executed by the host CPU 810. Such 
interrupts are normally referred to as the "hardware in- 
terrupts" or "external interrupts". 

[0238] Interrupts, received by the host CPU 810, for 
viewing and listening to the content or purchasing the 
content are hardware interrupts. In this case, the I/O de- 
vice which generates a hardware interrupt may be a key 
device, such as buttons or graphic user interface (GUI) 
icons, of the network device 160^. In this embodiment, 
the operation unit 165 serves as such an I/O device. 
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[0239] On the other hand, interrupts generated by the 
execution of a user program (progrann) by the host CPU 
810 are referred to as "software interrupts" or "internal 
interrupts". 

[0240] Generally, an interrupt signal of the external in- 
terrupt S1 65 is output from the operation unit 1 65 to the 
host CPU 810 via a specific line for external interrupts, 
which is separately provided from the host CPU bus 
1000. 

[0241] One external interrupt S165 is differentiated 
from the other external interrupts SI 65 by assigning 
numbers to the I/O devices which generate interrupts. 
For example, for a keyboard, numbers are assigned to 
the individual buttons (such numbers are referred to as 
"interrupt types"). Upon pressing one of the buttons, the 
corresponding information is reported from the opera- 
tion unit 165 to the host CPU 810 via the specific line, 
and the number of the pressed button is stored in a 
memory of the I/O interface. In response to the infonma- 
tion indicating that the button has been pressed, the host 
CPU 81 0 accesses the memory of the I/O interface and 
identifies the interrupt type from the number of the but- 
ton, thereby controlling the execution of an interrupt rou- 
tine corresponding to the number of the button. 
[0242] In this case, if the interrupt routine is to be ex- 
ecuted by the SAM 105^, the host CPU 810 sends the 
internal interrupt S810 to the SAM 105^ to request it to 
execute the task. 

[0243] As discussed above, tasks to be executed by 
the SAM 105., may include: 

1. Purchasing content (including purchasing keys 
and demonstration of the content); 

2. Playback of content; and 

3. downloading from the content provider 101 and 
the EMD service center 1 02 (updating, receiving us- 
age log, and program downloading). 

[0244] The host CPU 81 0 first receives external inter- 
rupts SI 65 corresponding to tasks 1 , 2, and 3 from the 
operation unit 165 via the specific line, and outputs the 
corresponding internal interrupts S81 0 to the SAM 1 05-, , 
so that the SAM 1 05^ executes tasks 1 , 2 and 3. 
[0245] The I/O devices which generate interrupts cor- 
responding to tasks 1 and 2 are the external key device, 
such as the buttons or the GUIs of the network device 
160i. 

[0246] In the case of task 3, it is not that a push-type 
downloading secure container 1 04 is sent from the con- 
tent provider 101, but that an active pull-type secure 
container 1 04 is sent to the network device 1 60^ (client) 
by performing polling to access the content provider 
101. Accordingly, the host CPU 810 knows that the 
downloaded secure container 1 04 is stored in the down- 
load memory 1 67 within the network device 1 60-, . Thus, 
in actuality, the host CPU 810 merely generates the in- 
ternal interrupt S81 0 and sends it to the SAM 1 05., with- 
out receiving the external interrupt SI 65 from the oper- 
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ation unit 165. 

[0247] Since the SAM 1 05^ serves as an I/O device 
(slave) of the host CPU 81 0, the main routine of the SAM 
1 05.| is started when being powered on, and then, enters 

5 the standby (waiting) mode. 

[0248] Subsequently, immediately when receiving the 
internal interrupt S81 0 from the host CPU 810 (master), 
the SAM 105-, begins processing the task while being 
completely shielded from an extemal source. Then, the 

10 SAM 1 05., reports the completion of processing the task 
to the host CPU 810 by the extemal interrupt (hardware 
interrupt), and requests the host CPU 810 to receive the 
result. Accordingly, the SAM 1 05-, does not contain a 
user main program (user program). 

^5 [0249] The SAM 105-, executes processing, such as 
for purchasing the content, playback of the content, and 
downloading from the content provider 101 and the 
EMD service center 102, as an Interrupt routine. The 
SAM 105., generally wails in the standby mode, and up- 

20 on receiving the internal interrupt S810 from the host 
CPU 810, the SAM lOS-j executes the interrupt routine 
corresponding to the interrupt type (number) (function 
call command), and requests the host CPU 810 to re- 
ceive the result. 

25 [0250] More specifically, a request to execute a task 
from the host CPU 81 0 to the SAM 1 05-, by the internal 
interrupt S810 is made according to an I/O command, 
and then, the SAM 105-, interrupts itself based on the 
function call command received from the host CPU 81 0. 

30 In actuality, the host CPU 81 0 outputs the internal inter- 
rupt S81 0 to the SAM 1 05-, by performing the chip select 
for selecting the SAM 105-,. 

[0251] As discussed above, although the host CPU 
81 0 receives the external interrupt SI 65 for purchasing 

35 or playing back the content, it request the SAM 1 05^ to 
execute the corresponding task. This is because the 
task involves the security, such as encryption process- 
ing, creating and checking signatures, accompanied by 
the processing for purchasing the key. 

40 [0252] The interrupt routine stored in the SAM 105-, 
serves as a sub routine of the interrupt routine of the 
host CPU 810. 

[0253] The interrupt routine executed by the host CPU 
810 is a task which makes an instruction to send the 

45 internal interrupt (function call) S810 requesting the ex- 
ecution of the task corresponding to the extemal inter- 
rupt SI 65 to a common memory space of the SAM 1 05-, . 
[0254] As shown in Fig. 24, each of the interrupt rou- 
tines stored in the SAM 1 05-, contains sub routines. Pro- 

50 grams which can be shared with the other interrupt rou- 
tines are preferably defined as sub-routines, thereby 
saving the memory space. The processing of the SAM 
105-, may be executed in a manner similar to that exe- 
cuted by a CPU, such as concurrently defining sub-rou- 

55 tines from an interrupt routine or defining second-gen- 
eration sub-routines from a first-generation sub-routine. 
[0255] Referring back to Fig. 23, the relationship be- 
tween the host CPU 810 and the SAM 105-, is described. 
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As discussed above, the host CPU 810 receives an in- 
terrupt from an I/O device, such as an external key de- 
vice, as the external interrupt (hardware interrupt) S1 65 
via a specific line. 

[0256] A number is provided for each specific line, and 
according to the number, the corresponding inten-upt 
vector is extracted from an interrupt vector table stored 
in a system memory of the host CPU 810, thereby start- 
ing the interrupt routine. 

[0257] There are two kinds of interrupt types: one type 
is an indirect access indicating a selection number of 
the interruptvector in the vector table, and the othertype 
is a direct access indicating the start address of the in- 
terrupt routine. 

[0258] If the received external interrupt indicates a 
task to be executed by the SAM 1 05^ , the host CPU 8 1 0 
outputs the internal interrupt S81 0 to the SAM 1 05^ and 
requests it to execute the task (I/O command). 
[0259] The type of task is defined by a command 
name, and the host CPU 810 outputs the command- 
based internal interrupt S810 to the SAM 105^. When 
being powered on, the SAM 1 05^ initializes the program 
and checks the integrity of the SAM 105^, as shown in 
Fig. 24, and then, enters a sleep mode (standby mode). 
In the sleep mode, only the operation of the CPU is 
stopped, and the sleep mode is released by any inter- 
rupt. Thereafter, the status of the SAM 1 05-, is shifted to 
a program execution status via an execution handling 
status. Upon receiving an internal interrupt from the host 
CPU 810, the SAM 105-, executes the corresponding 
task and returns the result to the host CPU 810. 
[0260] In response to the result from the SAM lOS^, 
the host CPU 81 0 starts to take another action. Howev- 
er, even while the SAM 105^ is executing one task, the 
host CPU 81 0 may perform anothertask. The host CPU 
810 receives the execution result of the task from the 
SAM 105^ as an interrupt. 

[0261] There are two approaches to reporting the ex- 
ecution result of the task from the SAM 1 05., to the host 
CPU 81 0. One approach is to output an interrupt to the 
host CPU 810 and to request the host CPU 810 to re- 
ceive the result. The other approach is to provide status 
registers (which is referred to as the "SAM status regis- 
ters") in an address space of the SAM 105^ which is ac- 
cessible by the host CPU 81 0. (A read/write command, 
address information, and data from the host CPU 810 
are carried to the address space.) According to the sec- 
ond approach, the type of task, flags indicating whether 
the task is being waited, executed, or completed, etc. 
can be set in the SAM status register (SAM_SR), and 
the host CPU 810 regularly performs polling (reading 
data) to the SAM status register. 

[0262] A first SAM status register sets a flag indicating 
the status of the SAM 105^ read by the host CPU 81 0. 
[0263] A second SAM status register sets flags des- 
ignating whether the execution of the task from the host 
CPU 81 0 has been requested. These flags are read by 
the CPU within the SAM 105-,. Based on the priority of 



bus mediation, both the host CPU 810 and the SAM 
105., are allowed to access the flags set in the first and 
second SAM status registers. 

[0264] More specifically, in the first SAM status regis- 
5 ter, flags are set indicating whether the SAM is executing 
the task, has completed the task, or is waiting for a task 
to be executed. The name of the task is also indicated 
in the first SAM status register The host CPU 81 0 reg- 
ularly performs polling to access the first SAM status 
10 register. 

[0265] In the second SAM status register, flags are set 
indicating whether the execution of a task has been re- 
quested from the host CPU 810 or is in the standby 
mode. 

15 [0266] The I/O write command is first sent from the 
host CPU 81 0 to the SAM 1 05^ , which is an I/O device, 
followed by data and address information to be written. 
The address information (data storage location) is 
stored in the common memory space shared by the host 

20 CPU 81 0 and the SAM 1 05., . 

[0267] It is required that the memory address space 
within the SAM 106^ should be invisible from the host 
CPU 810 (tamper-resistance characteristics). Accord- 
ingly, the memory address space within the SAM 105^ 

25 should be managed so that only part of a static random 
access memory (SRAM) for a work stack, or part of an 
external flash ROM (electrically erasable programmable 
read only memory (EEPROM)) is visible from the host 
CPU 810. Thus, a large amount of data is written into 

30 part of the SRAM or part of the EEPROM from the host 
CPU 810, and a small amount of data is written into a 
temporary register within the SAM 105^ which can be 
visible from the host CPU 810. 

[0268] The address of an interrupt routine to be exe- 
55 cuted by an interrupt is referred to as the "interrupt vec- 
tor". The interrupt vectors are stored in the vector table 
according to the order of the interrupt types. 
[0269] Upon receiving an external interrupt, as shown 
in Fig. 25, according to the interrupt type (number), the 
40 host CPU 810 extracts the inten-upt vector from the in- 
terrupt vector table stored in the memory, and executes 
the corresponding routine started from the address (in- 
terrupt vector) as a sub-routine. 

[0270] In this embodiment, in performing one of the 
45 above-described tasks 1 through 3, an external interrupt 
occurs from the corresponding I/O device by a physical 
interrupt signal, and the host CPU 81 0 sends a function 
call (procedure call) by using an internal interrupt (soft- 
ware interrupt) to the SAM 105^ and request it to exe- 
50 cute the interrupt routine (task) according to the interrupt 
type (number). Then, the host CPU 810 receives the ex- 
ecution result of the task and starts to take another ac- 
tion. 

[0271] The internal interrupt is a software interrupt 
55 generated from the user program, i.e., the CPU, as il- 
lustrated in Fig. 26. The internal interrupt is generated 
by the execution of an INT command of a machine lan- 
guage. 
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[0272] Details of the function call (procedure call) are 
as follows. 

[0273] An interrupt routine is formed of snnall func- 
tions, and a command name is defined for each function. 
By designating the command name together with the in- 
terrupt command INT from the user program, the target 
function can be fulfilled. This is refen-ecj to as the 'lunc- 
tion call (procedure call)". In this manner the function 
call is perfomned through the internal interrupt (software 
interrupt). 

[0274] In perfomiing the function call, parameters for 
executing the interrupt routine are delivered by inputting 
the function call number in the register of the CPU, 
thereby designating the target function. The result is re- 
turned to the register or the memory, or the correspond- 
ing operation is performed. 

[0275] For example, in executing code A within the us- 
er program shown in Fig. 27, the host CPU 810 desig- 
nates the interrupt command INT and the command 
name "INT 21 H", and the CPU of the SAM 1 05^ access- 
es the memory area corresponding to the interrupt type 
"21 H", and also accesses a command analyzer, thereby 
executing the sub-routine of the function 3. 
[0276] The processing statuses of the CPU of the 
SAM 105^ are discussed below with reference to Fig. 
28. 

[0277] There are five statuses of the CPU of the SAM 
1 05-, , as illustrated in Fig. 28: a reset status ST1 , an ex- 
ception handling status ST2, a program execution sta- 
tus ST3, a bus- right release status ST4, and a low power 
status ST5. 

[0278] Details of the individual statuses are as fol- 
lows. 

[0279] ' The reset status ST1 is a status in which the 
CPU is reset. 

[0280] The exception handling status ST2 is a transi- 
tional status in which the CPU is shifting the processing 
status due to an external handling factor, such as reset- 
ting or interrupt processing. In performing inten-upt 
processing, by referring to a staclc pointer (SP), the 
count value of a program counter (PC) and the value of 
a status register (SR) are temporarily stored in a stack 
area. The address at which the interrupt routine is start- 
ed is then extracted from the exception-handling vector 
table, and the routine is branched to the address, there- 
by starting the program. The status of the CPU is then 
shifted to the program execution status ST3. 
[0281] The program execution status ST3 is a status 
in which the CPU is sequentially executing programs. 
[0282] The bus-right release status ST4 is a status in 
which the CPU releases the bus to a device which has 
requested a bus right. 

[0283] The low power status ST5 has three modes, 
such as a sleep mode, a standby mode, and a module 
standby mode. 

(1) Sleep mode 

The operation of the CPU is discontinued, but 



data stored in the internal register of the CPU, data 
in a built-in cache memory, and data in a built-in 
RAM are retained. The functions of built-in periph- 
eral modules other than the CPU are still working. 
5 The sleep mode is released by resetting, any 

interrupt, or a direct memory access (DMA) address 
en-or, and is shifted to the program execution status 
ST3 via the exception handling status ST2. 

(2) Standby mode 
In the standby mode, the functions of the CPU, 

a built-in module, and an oscillator are completely 
stopped. Data of a built-in cache memory and data 
of a built-in RAM are not retained. The standby 
mode is released by resetting or an external non- 
maskable interrupt (NMI). After being released, the 
standby mode is shifted to the normal program sta- 
tus via the exception handling status ST2 after the 
lapse of a period required for stabilizing oscillations. 
In the standby mode, since the oscillator is stopped, 
power consumption is considerably reduced. 

(3) Module standby mode 
The supply of a clock to a built-in module, such 

as a DMA, is discontinued. 

[0284] The relationship between the host CPU 810 
and the SAM 1 05^ is described below through a memory 
space with reference to Fig. 29. 

[0285] Upon receiving an external intermpt through a 
user's operation on a button, as shown in Fig. 29, a CPU 
81 Oa of the host CPU 81 0 intermpts the execution of the 
user program, and designates the interrupt type so as 
to access the hardware interrupt area of the interrupt 
vector table. Then, the CPU 81 Oa executes the interrupt 
routine stored in the accessed address. The interrupt 
routine describes the process for outputting a function 
call 1-1, 1-2, 2, or 3, which is the internal interrupt, to 
the SAM 1 05-1 so as to request the SAM 1 05 ^ to execute 
the corresponding task, and for acquiring the execution 
result from the SAM 1 05-| and then returning to the user 
program. More specifically, the CPU 810a writes infor- 
mation for specifying the task into an SRAM 1155, which 
forms part of a memory 1 05.,a within the SAM 1 05-, and 
which serves as a common memory for the host CPU 
810 and the SAM 105-,. 

[0286] In outputting the internal intenrupt to the SAM 
105-,, the CPU 810a of the host CPU 810 turns on the 
task waiting flag of a second SAM status register 1156b 
within the SAM 105^. 

[0287] A CPU 1 1 00 of the SAM 1 05^ checks the sec- 
ond SAM status register 1 1 56b and accesses the SRAM 
1155 so as to specify the type of task requested by the 
host CPU 810, thereby executing the corresponding in- 
terrupt routine. The interrupt routine is executed by 
reading sub-routines, as stated above, which include, 
for example, mutual authentication with a recording me- 
dium, an AJV compression/decompression SAM, a me- 
dia drive SAM, an IC card, and the EMD sen/ice center 
102, mutual authentication between machines, andcre- 
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ating and checking of signature data. 
[0288] The CPU 1 1 00 of the SAM 1 05^ stores the re- 
sult of the interrupt routine (task result) in the SRAM 
1 1 55, and also turns on the task completion flag of a first 
SAM status register 1156a within the SAM 105^. 
[0289] After checking that the task completion flag of 
the first SAM status register 1156a is on, the host CPU 
810 reads the task result from the SRAM 1155 and re- 
turns to the processing of the user program. 
[0290] The functions of the SAM 1 05^ are as follows. 
It should be noted that the functions of the SAMs 1052 
through IO54 are similar to those of the SAM 105i. 
[0291] The SAM 105^ performs accounting process- 
ing for each content, and communicates with the EMD 
service center 102. The standards and version of the 
SAM 1 05^ may be managed by the EMD service center 
1 02. If it is desired by electric home appliance manufac- 
turers that the SAM 1 05^ be loaded in electric home ap- 
pliances, the EMD service center 1 02 may license such 
manufacturers to use the SAM 105-| as a black-box ac- 
counting module for performing accounting in units of 
contents. For example, the EMD service center 102 
standardizes the IC, such as the IC interface, of the SAM 
1 05., without making it known to the manufacturers, and 
the SAM 105^ is loaded in the network device 160^ ac- 
cording to the standards. The SAMs lOSg through 1064 
are loaded in the AJV machines I6O2 through I6O4, re- 
spectively. 

[0292] The processing content of the SAM 105., is 
completely shielded from an external source and is thus 
protected from being externally monitored or tampered. 
The SAM 1 05., is a function module which is implement- 
ed by executing a tamper-resistant hardware module 
(for example, an IC module) in which prestored data or 
currently processing data cannot be tampered with, or 
by executing software (private program) by the CPU. 
[0293] If the functions of the SAM 105^ are imple- 
mented by an IC, a private memory is disposed within 
the I C, and a private program and private data are stored 
in the private memory. If the functions of the SAM 105^ 
are incorporated into part of a machine ratherthan being 
implemented by using a physical form, such as an tC, 
the portion incorporating the functions may be defined 
as a SAM. 

[0294] In the example of the network device 160^ 
shown in Fig. 22, the secure container 1 04 is output from 
the communication module 162 to the SAM 105^, as in- 
dicated by the solid line. However, as indicated by the 
one-dot chain lines, the key file KF may be output from 
the communication module 162 to the SAM 105^, and 
the content file CF may be directly written into the down- 
load memory 1 67 from the communication module 1 62 
via a CPU bus. 

[0295] The content data C may be output to the AN 
compression/decompression SAM 163 directly from the 
download memory 1 67 by skipping the SAM 1 05^ . 
[0296] The functions of the SAM 1 05^ are specifically 
described below with reference to the functional block 



of Fig. 30. 

[0297] Fig. 30 illustrates the data flow for receiving the 
secure container 1 04 from the content provider 101 and 
processing for decoding the key file KF within the secure 
5 container 104. 

[0298] The SAM 105^ includes, as shown in Fig. 30, 
a mutual authentication unit 170, encryption/decryption 
(decoding) units 171, 172, and 173, a content provider 
manager 180, a download memory manager 182, an A/ 

10 V compression/decompression SAM manager 184, an 
EMD service center manager 1 85, a usage monitor 1 86, 
an accounting processor 187, a signature processor 
1 89, a SAM manager 1 90, a storage unit 1 92, a medium 
SAM manager 197, a work memory 200, an external 

^5 memory manager 81 1 , and a CPU 1 1 00. 

[0299] The CPU 1100 receives the internal interrupt 
S810 from the host CPU 810 and controls the entire 
processing within the SAM 105.,. 
[0300] The correlation of the components of the SAM 

20 1 05^ and the elements of the present invention is as fol- 
lows. The content provider manager 1 80 and the down- 
load memory manager 1 82 correspond to input process- 
ing means, the accounting processor 187 corresponds 
to determining means, log data generation means, and 

^5 UCS data generation means, the encryption/decryption 
(decoding) unit 172 corresponds to decoding means, 
and the usage monitor unit 186 corresponds to usage 
control status means. The encryption/decryption (de- 
coding) unit 173 corresponds to encryption means. A 

50 medium drive SAM manager 855 shown in Fig, 45, 
which is discussed below, corresponds to recording 
control means. The signature processor 189 corre- 
sponds to signature processing means. 
[0301] As discussed above, the individual functions of 

35 the SAM 1 05., are implemented by executing the private 
program by the CPU or by operating predetemnined 
hardware. The hardware configuration of the SAM 105^ 
is discussed below. 

[0302] In the external memory 201 of the network de- 
40 vice 160., , as shown in Fig. 31 , the usage log data 108 
and the SAM registration list are stored. 
[0303] The memory space of the external memory 
201 is invisible from an external source of the SAM 105^ 
(for example, the host CPU 81 0), and only the SAM 1 05^ 
is allowed to manage access to the storage area of the 
external memory 201 . As the external memory 201 , a 
flash memory or a ferroelectric memory (FeRAM) may 
be used. 

[0304] As the work memory 200, an SRAM may be 
50 used. The work memory 200 may include, as shown in 
Fig. 32, the content key data Kc, the UCP data 106, lock 
key data Klqc the storage unit 192, the public key 
certificate CER^p of the content provider 101 , the UCS 
data 166, and the SAM program download containers 
55 SDC^ through SDC3, which are stored in the secure con- 
tainer 104. 

[0305] As one of the functions of the SAM 105^, the 
processing executed by the functional blocks when the 
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secure container 1 04 is received (downloaded) from the 
content provider 101 is described below with reference 
to Fig. 30. This processing is centrally controlled by the 
CPU 1100 which has received the internal inten^upt 
S810 for downloading the content from the host CPU 
810. 

[0306] In sending and receiving data online by the 
SAM 105i with the content provider 101 and the EMD 
service center 102, the mutual authentication unit 170 
perfomns mutual authentication with the content provid- 
er 1 01 and the EMD service center 1 02 to generate ses- 
sion key data (common key data) Kses' outputs it 
to the encryption/decryption (decoding) unit 171. The 
session key data Kses ^ newly created every time mu- 
tual authentication is conducted. 
[0307] The encryption/decryption (decoding) unit 1 71 
encrypts and decrypts the data sent to and received 
from the content provider 1 0 1 and the EMD service cent- 
er 1 02 by using the session key Ks^s created by the 
mutual authentication unit 170. 

[0308] If the download memory 1 67 shown in Fig. 22 
is provided with a medium SAM 167a, as shown in Fig. 
22, mutual authentication is performed between the mu- 
tual authentication unit 1 70 and the medium SAM 1 67a. 
Then, the download memory manager 1 82 encrypts the 
content by using the session key data Kses obtained by 
mutual authentication, and writes the encrypted data in- 
to the download memory 167 shown in Fig. 22. As the 
download memory 167, a non-volatile semiconductor 
memory, such as a Memory Stick may be used. 
[0309] If a memory without a mutual authentication 
function, such as a hard disk drive (HDD), shown in Fig. 
33, is used as a download memory 211 , the download 
memory 211 is unsecured. Accordingly, the content file 
CF is downloaded into the download memory 211 , and 
the highly secret key file KF is downloaded into, for ex- 
ample, the work memory 200 shown in Fig. 30 or the 
extemal memory 201 shown in Fig. 22. 
[0310] In storing the key file KF in the external mem- 
ory 201. the SAM 105^ encrypts it by using message 
authentication code (MAC) key data K^^^q in the CBC 
mode and stores it in the external memory 201 , and also 
stores part of the final block of the ciphertext in the SAM 
105^ as a MAC value. In reading the key file KF from 
the external memory 201 to the SAM 1 05^ , the read key 
file KF is decrypted with the MAC key data K^^^^c* 
then, the resulting MAC value is compared with the 
stored MAC value, thereby verifying the integrity of the 
key file KF. In this case, instead of the MAC value, a 
hash value may be used. 

[031 1 ] The encryption/decryption (decoding) unit 1 72 
decodes the content key data Kc, the UCP data 106, 
and the SAM program download containers SDC^ 
through SDC3 within the key file KF stored in the secure 
container 104 received from the download memory 
manager 1 82 by using the license key data KD^ through 
KD3 of corresponding periods read from the storageunit 
192. 



[0312] The decoded content key data Kc, the UCP da- 
ta 106, and the SAM program download containers 
SDCi through SDC3 are written into the work memory 
200. 

5 [031 3] The EMD service center manager 1 85 manag- 
es communication with the EMD service center 102 
shown in Fig. 1 . 

[0314] The signature processor 189 verifies the integ- 
rity of the signature data within the secure container 1 04 

^0 by using the public key data Kgsc.p EMD service 
center 1 02 and the public key data Kqpp of the content 
provider 1 01 read from the storage unit 192. 
[0315] The storage unit 1 92 has the following data, as 
shown in Fig. 34, as private data protected from being 

^5 read or written from outside the SAM 1 05^ : a plurality of 
license key data KD^ through KD3 having effective 
dates, a SAM_ID, a user ID, a password, an identifier 
HNG_ID of a home network group to which the SAM 
105^ belong, an information reference ID, a SAM regis- 

20 tration list, a revocation list of devices and recording me- 
dia, storage key data Kstrj public key data Kr.^a.p of ^ 
route CA, public key data K^sc p EMD service 

center 1 02, a source key data for mutual authentication 
with a driving SAM (when the common key cryptosys- 

25 tem is employed), a public key certificate of a driving 
SAM (when the private key cryptosystem is employed), 
private key data Ksami,s ^f the SAM 106^ (when the 
common key cryptosystem is employed), a public key 
certificate CERqami which the public key data 

30 KsAMi,p of the SAM 1051 is stored (when the private 
key cryptosystem is employed), signature data SIG22 of 
a public key certificate CEResc obtained by using the 
private key data Kgscs of the EMD service center 1 02, 
source key data for mutual authentication with the AA/ 

55 compression/decompression SAM 163 (when the com- 
mon key cryptosystem is employed), source key data 
for mutual authentication with the medium SAM (when 
the common key cryptosystem is employed), public-key 
certificate data CER^edsam of ^^e medium SAM (when 

40 the public key cryptosystem is employed), the signal 
source which can be handled, the compression method, 
the display performance of a monitor to be connected, 
the format conversion function, the presence or ab- 
sence of a bit stream recorder, rights processing (profit 

45 distribution) data, an ID of related entities which receive 
profits, etc. 

[0316] In Fig. 34, the items of data having the symbol 
* marked at the left side are stored in the storage unit 
192 when shipping the SAM 105^, and the other items 

so of data are stored in the storage unit 1 92 when user reg- 
istration is performed after shipping the SAM 105^. 
[0317] A private program for implementing at least 
part of the functions shown in Fig. 30 is also stored in 
the storage unit 192. 

55 [0318] As the storage unit 1 92, a flash-EEPROM may 
be used. 
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Processing to be executed when license key data is 
received 

[0319] A description is now given, with reference to 
Figs. 33 and 35, of the process within the SAM 105^ 
when storing the license key data KD^ through KD3 re- 
ceived from the EMD service center 102 in the storage 
unit 192. 

[0320] Fig. 35 is a flow chart illustrating the process 
within the SAM 1 051 when storing the license key data 
KD^ from the EMD sen/ice center 102 through KD3 in 
the storage unit 192. 

[0321] lnstepS35-0, theCPU 1100 of the SAM 105^ 
receives the internal Interrupt S810 indicating an in- 
struction to receive the license key data from the host 
CPU 810. 

[0322] In step S35-1, mutual authentication is per- 
formed between the mutual authentication unit 1 70 of 
the SAM 105^ and the EMD service center 102. 
[0323] Then, in step S35-2, the license key data KD^ 
through KD3 for three months and the corresponding 
signature dataSIG^p^ through SIG^ds.esc encrypt- 
ed with the session key data Kg^g obtained by mutual 
authentication performed in step S35-1 are written from 
the EMD service center 1 02 to the work memory 200 via 
the EMD service center manager 185. 
[0324] In step S35-3, the encryption/decryption (de- 
coding) unit 171 decrypts the license key data KD^ 
through KD3 and the signature data SIG^pi esc through 
SIGkd3.esc by using the session key data kgEs- 
[0325] Subsequently in step S35-4, the signature 
processor 1 89 verifies the integrity of the signature data 
SIGkdi,esc through SIGkds.esc stored in the work 
memory 200 and then writes the license key data KD^ 
through KD3 in the storage unit 192. 
[0326] Instep S35-5, theCPU 1100 reports the result 
of the processing for receiving the license key data to 
the host CPU 81 0 through an external interrupt. 
[0327] Alternatively the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described receiving processing has been correctly per- 
formed, in which case, the host CPU 81 0 may read the 
flag by polling. 

Processing to be executed when the secure container 
1 04 is received from the content provider 1 01 

[0328] A description is now given of, with reference to 
Figs, 30 and 36, of the flow within the SAM 105^ when 
receiving the secure container 1 04 from the content pro- 
vider 101 . 

[0329] In the example described below, the content 
file OF Is written into the download memory 1 67 via the 
SAM 105^. In the present invention, however, the con- 
tent file CF may be directly written into the download 
memory 167 without passing through the SAM 105^. 
[0330] Fig, 36 is a flow chart illustrating the process 
within the SAM 1 05^ when receiving the secure contain- 



er 1 04 from the content provider 1 01 . 
[0331] In the subsequent example, the SAM 105i ver- 
ifies the various items of signature data when receiving 
the secure container 104. Alternatively the signature 
5 data may be verified when the purchase/usage mode is 
determined. 

[0332] In step S36-0, theCPU 11 00 of the SAM 105^ 
shown in Fig. 30 receives from the host CPU 810 the 
internal interrupt S810 indicating an instruction to re- 

10 ceive the secure container 1 04. 

[0333] In step S36-1 , mutual authentication is con- 
ducted between the mutual authentication unit 170 of 
the SAM 1 05^ and the content provider 101. 
[0334] Then, in step S36-2, mutual authentication is 

15 performed between the mutual authentication unit 170 
of the SAM 105^ and the medium SAM 167a of the 
download memory 167. 

[0335] In step S36-3, the secure container 104 re- 
ceived from the content provider 1 01 is written into the 

^0 download memory 167, Simul-taneously the secure 
container 1 04 is encrypted in the mutual authentication 
unit 170 and is decrypted in the medium SAM 167a by 
using the session key data obtained in step S36-2. 
[0336] Subsequently in step S36-4, the SAM 1 05^ de- 

^5 codes the secure container 1 04 with the use of the ses- 
sion key data obtained in step S36-1 . 
[0337] lnstepS36-5, after verifying the signature data 
^'*^1.ESC indicated by Fig. 3C, the signature processor 
189 verifies the signature data SIG© and SIG7 by 

30 using the public key data K^pp of the content provider 
101 stored in the public-key certificate data CERcp 
shown in Fig. 3C. 

[0338] When the signature data SIGg.cp is verified, 
the integrity of the creator and the sender of the content 

35 file CF is verified. 

[0339] When the signature data SIGy ^p is verified, 
the sender of the Integrity of the key file KF is verified. 
[0340] Thereafter, in step S36-6, the signature proc- 
essor 189 checks the integrity of the signature data 

40 SIGk;! ESC within the key file KF shown in Fig. 3B, i.e., 
the integrity of the creator of the key file KF, by using the 
public key data K^scr fe^cl from the storage unit 192, 
and also checks whether the key file KF is registered in 
the EMD service center 102. 

45 [0341] In step S36-7, the encryption/decryption (de- 
coding) unit 1 72 decrypts (decodes) the content key da- 
ta Kc, the UCP data 106, and the SAM program down- 
load containers SDC^ through SDC3 within the key file 
KF shown in Fig. 3B by using the license key data KD-, 

50 through KD3 of corresponding periods read from the 
storage unit 192, and writes them into the work memory 
200. 

[0342] Then, In step S36-8, the CPU 1100 reports to 
the host CPU 81 0 through an externa! Interrupt whether 
55 the secure container 104 has been correctly received. 
Alternatively the CPU 1100 may set a flag in the SAM 
status register indicating whether the secure container 
104 has been appropriately received, and the host CPU 
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810 may read the flag by polling. 
[0343] The processing perfomned by the individual 
functional blocks for purchasing and using the content 
data C downloaded into the download mennory 167 Is 
described below with reference to Fig. 37. 
[0344] The processing of the functional blocks are 
centrally controlled by the CPU 11 00 which receives the 
internal interrupt S810 from the host CPU 810. 
[0345] The usage monitor 186 reads the UCP data 
1 06 and the UCS data 1 66 from the work memory 200, 
and monitors the situation to make sure that the content 
is purchased and used within the license restricted by 
the UCP data 106 and the UCS data 166. 
[0346] As stated with reference to Fig. 36. the UCP 
data 106 is stored in the key file KF in the work memory 
200 after being decoded. 

[0347] The UCS data 1 66 is stored in the work mem- 
ory 200 when the purchase mode is determined by the 
user, as discussed below. The UCS data 166 includes 
the user ID who has purchased the content data C, the 
tracing infomnation, etc., i.e., the same data as the UCP 
data 106 shown in Fig, 3B, except for the UCS informa- 
tion indicating the purchase mode determined in the pur- 
chase-mode determining processing. 
[0348] In receiving the internal interrupt S81 0 indicat- 
ing an instruction to determine the purchase mode or 
the usage mode of the content from the CPU 810 shown 
in Fig. 22, the accounting processor 1 87 creates the cor- 
responding usage log data 108. 
[0349] As stated above, the usage log data 108 indi- 
cates the history of the purchase and usage modes of 
the secure container 1 04 made by the user, and is used 
when performing the settlement processing and deter- 
mining the license fee by the EMD service center 102 
according to the purchase of the secure container 1 04. 
[0350] The accounting processor 1 87 informs the us- 
er of the sales price or the SRP read from the work mem- 
ory 200 if necessary. The sales price and the SRP are 
contained within the decoded UCP data 106 of the key 
file KF shown in Fig. SB stored in the work memory 200. 
[0351] The accounting processing by the accounting 
processor 1 87 is perfomned under the monitoring of the 
usage monitor 186 based on the rights, such as the li- 
cense agreement conditions, represented by the UCP 
data 106, and the UCS data 166. That is, the user pur- 
chases and uses the content within the allowance of the 
rights. 

[0352] The accounting processor 187 also creates, 
based on the internal interrupt S81 0, the UCS data 1 66 
indicating the purchase mode of the content determined 
by the user, and writes it into the work memory 200. 
[0353] In this embodiment, after the purchase mode 
is determined, the UCS data 166 is stored in the work 
memory 200. However, the UCS data 1 66 and the con- 
tent key data Kc may be stored in the external memory 
201 . As the external memory 201 , a flash memory, which 
is a non-volatile RAM, may be used, as stated above. 
In writing the UCS data 166 and the content key data 



Kc into the external memory 201 , integrity check is per- 
formed for verifying the integrity of the external memory 
201 , in which case, a storage area of the external mem- 
ory 201 is divided into a plurality of blocks, and a hash 
5 value is determined for each block by using SHA-1 or 
MAC, and the determined hash values are controlled in 
the SAM 105i. 

[0354] Instead of determining the purchase mode in 
the SAM 105^, the secure container 104 may be trans- 

10 ferredtoanotherSAM.suchasSAM 1052 through '^^^4^ 
in which case, the UCS data 166 is not created. 
[0355] The purchase modes of the content include, for 
example, "sell through" in which no restriction is im- 
posed on playback operation by the purchaser and cop- 

>5 ying for the use of the purchaser, 'lime limited" in which 
the period of use is restricted, "pay per play" in which 
charging incurs every time the content is played back, 
"pay per SCMS" in which charging incurs every time the 
copied content is played back in a SCMS device, "sell 

20 through SCMS copy" in wh ich copying in a SCMS device 
is allowed, and "pay per copy N without copy guard" in 
which charging incurs every time the content is played 
back without setting a copy guard. 
[0356] The UCS data 166 is created when the user 

25 detemnines the purchase mode of the content, and is 
thereafter used for controlling so that the purchase uses 
the content within the allowance of the detemnined pur- 
chase mode. The UCS data 166 includes the content 
ID, the purchase mode, the price according to the pur- 

30 chase mode, a SAM_ID of the SAM which has pur- 
chased the content, and a user_ID of the user who has 
purchased the content. 

[0357] If the determined purchase mode is "pay per 
play", "pay per SCMS", or "pay per copy N without copy 

35 guard", upon purchasing the content data C, the SAM 
1 05-1 may send the UCS data 1 66 to the content provider 
101 in real time, and the content provider 101 may in- 
struct the EMD service center 1 02 to fetch the usage log 
data 108 within a predetemiined period. 

40 [0358] If the detemnined purchase mode is "sell 
through", the UCS data 1 66 may be sent to both the con- 
tent provider 1 01 and the EMD service center 1 02 in real 
time. Thus, in this embodiment, regardless of the pur- 
chase mode, the UCS data 166 is sent to the content 

45 provider 101 in real time. 

[0359] The EMD service center manager 1 85 regular- 
ly sends the usage log data 108 read from the external 
memory 201 via the external memory manager 811 to 
the EMD service center 102. 

50 [0360] In this case, the signature processor 189 cre- 
ates the signature data SIG2oo,sami of the usage log da- 
ta 108 by using the private key data Ksami.S' 
EMD service center manager 185 sends the signature 
data SIGgoo.sAMi together with the usage log data 108 

55 to the EMD service center 102. 

[0361] The EMD service center manager 185 may 
send the usage log data 108 regulariy in response to a 
request from the EMD service center 1 02, or when his- 
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tory information in the usage log data 108 exceeds a 
predetermined amount. The amount of history informa- 
tion is detemnined according to, for example, the storage 
capacity of the extemal memory 201 . 
[0362] When the CPU 1100 receives the internal in- 5 
terrupt S810 indicating an instruction to play back the 
content from the host CPU 810 shown in Fig. 22, the 
download memory manager 1 82 outputs the content da- 
ta C read from the download memory 1 67, the content 
key data Kc read from the work memory 200, and user io 
digital information data 196 input from the accounting 
processor 187 to the AA/ compression/decompression 
SAM manager 184. 

[0363] Upon receiving the internal interrupt S810 in- 
dicating an instruction to listening to the content for dem- is 
onstration, the down load-memory manager 1 82 outputs 
the contentfile CF read from the download memory 1 67, 
the content key data Kc and partially disclosing param- 
eter data 1 99 read from the work memory 200 to the A/ 
V compression/decompression SAM manager 184. 20 
[0364] The partially disclosing parameter data 1 99 is 
described in the UCP data 106, and indicates the han- 
dling of the content in the demonstration mode. This en- 
ables the AA/ compression/decompression SAM 1 63 to 
play back the encrypted content data C in a partially dis- 25 
closing state based on the partially disclosing parameter 
data 1 99. As the partially disclosing techniques, the fol- 
lowing techniques are available. By utilizing the fact that 
the AA/ compression/decompression SAM 163 proc- 
esses data (signal) in units of predetemnined blocks, 30 
some blocks are decoded by using the content key data 
Kc, and some blocks are not decoded by using the con- 
tent key data Kc according to the partially disclosing pa- 
rameter data 1 99. Or, the playback functions in the dem- 
onstration mode are restricted, orthe period for listening 35 
to the content for demonstration is limited. 

Processing for determining the purchase mode of the 
downloaded secure container 

40 

[0365] A description is now given, with reference to 
Figs. 37 and 38, of the process of the SAM 1 05^ for de- 
termining the purchase mode of the secure container 
104 downloaded from the content provider 101 to the 
download memory 167. 45 
[0366] In the subsequent processing, in determining 
the purchase mode of the secure container 1 04, the sig- 
nature data within the secure container 104 is not veri- 
fied (as stated above, the signature data is verified when 
receiving the secure container 104). However, the sig- so 
nature data may be checked in determining the pur- 
chase mode. 

[0367] Fig. 38 is a flow chart illustrating the process 
for determining the purchase mode of the secure con- 
tainer 1 04 downloaded from the content provider 1 01 to S5 
the download memory 167. 

[0368] In step S38-0, the CPU 1100 of the SAM 105i 
shown in Fig. 37 receives from the host CPU 810 the 



internal interrupt S810 instructing the SAM 105^ to de- 
termine the purchase mode of the content. 
[0369] The CPU 1 1 00 then detennines in step S38-1 
whether the internal interrupt S810 from the host CPU 
810 indicates the demonstration mode, and if so, the 
CPU 11 00 executes the processing ofstepS38-2. If not, 
the CPU 1100 executes the processing of step S38-5. 
[0370] In step S38-2, the content key data Kc and the 
partially disclosing parameter data 199 read from the 
work memory 200 are output to the A/V compression/ 
decompression SAM 163 shown in Fig. 22. Simultane- 
ously, after performing mutual authentication between 
the mutual authentication unit 1 70 of the SAM 1 05^ and 
a mutual authentication unit 220 of the A/V compres- 
sion/decompression SAM 163, the content key data Kc 
and the partially disclosing parameter data 199 are en- 
crypted and decrypted by using the session key data 

^SES- 

[0371] In step S38-3, upon receiving the internal in- 
terrupt S810 indicating the demonstration mode from 
the host CPU 810, the CPU 1100 outputs the content 
file CF stored in the download memory 167 to the /W 
compression/decompression SAM 1 63 shown in Fig. 22 
via the /W compression/decompression SAM manager 
184. 

[0372] Simultaneously, mutual authentication for the 
contentfile CF is conducted between the mutual authen- 
tication unit 1 70 and the medium SAM 1 67a of the down- 
load memory 167, and the content file CF is encrypted 
and decoded with the session key data Ks^s- Also, mu- 
tual authentication for the content file CF is performed 
between the mutual authentication unit 1 70 and the mu- 
tual authentication unit 220, and the content file CF is 
encrypted and decoded with the session key data Kg^s- 
[0373] The content file CF is decoded with the session 
key data Kqes >n a decoder 221 of the A/V compression/ 
decompression SAM 163 shown in Fig. 22, and is then 
output to a decoder 222. 

[0374] Then, in step S38-4, the decoded partially dis- 
closing parameter data 199 is output to a partially dis- 
closing processor 225 of the AJV compression/decom- 
pression SAM 163, and the content data C is decoded 
in a partially disclosing state by the decoder 222 using 
the content key data Kc under the control of the partially 
disclosing processor 225. 

[0375] The partially disclosed decoded content data 
C is decompressed in a decompression unit 223, and is 
outputtoadigital-watennark information processor 224. 
[0376] In the digital -watermark information processor 
224, the user digital information data 1 96 is embedded 
into the content data C, and then, the content data C is 
played back in the playback module 1 69 so as to output 
sound corresponding to the content data C. 
[0377] The digital-watemnark information processor 
224 also detects the digital watermark information em- 
bedded in the content data C, and determines whether 
the processing should be discontinued based on the de- 
tection result. 
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[0378] In step S38-5, when the user detennines the 
purchase mode by operating the operation unit 165, the 
internal interrupt S81 0 corresponding to the determined 
purchase mode is output from the host CPU 81 0 to the 
SAM lOSv 

[0379] Subsequently, in step S38-6, the accounting 
processor 187 of the SAM 105^ creates the usage log 
data 1 08 and the UCS data 1 66 according to the deter- 
mined purchase mode, and writes the usage log data 
1 08 to the external memory 201 via the external memory 
manager 811 and also writes the UCS data 166 to the 
work memory 200. 

[0380] Thereafter, the usage monitor 186 controls 
(monitors) the situation to make sure that the purchase 
and use of the content are controlled within the condi- 
tions allowed by the UCS data 166. 
[0381] Instep S38-7, a new key file KF-, shown in Fig. 
39C, which is discussed below, is created, and is stored 
in the download memory 1 67 or another memory via the 
download memory manager 182. 
[0382] The UCS data 1 66 stored in the key file KF^ is 
encrypted, as shown in Fig. 39C, with the storage key 
data KsTR medium key data K^^q by utilizing the 
CBC mode of the DES. 

[0383] The storage key data Kstr is data determined 
by the type of machine, such as a super audio compact 
disc (SACD) machine, a digital versatile disc (DVD) ma- 
chine, a compact disc recordable (CD-R) machine, or a 
mini disc (MD) machine, and is used for corresponding 
one type of machine to one type of recording medium. 
The medium key data K^ed 's unique to the record- 
ing medium. 

[0384] In step S38-8, in the signature processor 1 89, 
the hash value H^i of the key file KF^ is created by using 
the private key data Ksami.s SAM 105-|, and Is 

written into the work memory 200 in correspondence 
with the key file KF^ The hash value Hj^^ is used for 
verifying the integrity of the key file KF^ and*the identity 
of the creator of the key file KF^ . 
[0385] In sending the content data C with the pur- 
chase mode determined online or via a recording medi- 
um, a secure container 1 04p is created, as illustrated in 
Figs. 39A through 39D, which stores the key file KF^ and 
hash value H^^ therefor, the content file CF and signa- 
ture data SIGg CP therefor, the key file KF and signature 
data SIG7 cp, the public-key certificate data CER^p and 
signature data SIG-i ^sc therefor, and public-key certif- 
icate data CERsAMi signature data SIG22ESC 
therefor. 

[0386] As discussed above, upon determining the 
purchase mode of the secure container 1 04p, the UCS 
data 166 is created and is stored in the work memory 
200. If the purchase mode of the same secure container 
104p is re-detemnined in the SAM 105^, the UCS data 
166 stored in the work memory 200 is updated accord- 
ing to the external interrupt (operation signal) S165. 
[0387] Then, in step S38-9, the CPU 1100 checks 
whether the above-described purchase-mode deter- 



mining processing has been correctly executed, and re- 
ports the corresponding infomnation to the host CPU 81 0 
via an external interrupt. 

[0388] Alternatively, the CPU 1100 may set a flag in 
5 the SAM status register indicating whether the above- 
described purchase-mode detemnining processing has 
been correctly executed, in which case, the host CPU 
810 reads the flag by polling. 

10 Playback processing of content data 

[0389] A description is given below, with reference to 
Fig. 40, of the process for playing back the content data 
C, for which the purchase mode is determined, stored 
15 in the download memory 1 67. 

[0390] This processing is executed, assuming that the 
UCS data 1 66 is stored in the work memory 200 by the 
aforementioned purchase-mode determining process- 
ing. 

20 [0391] In step S40-0, the CPU 1100 of the SAM 105^ 
shown in Fig. 37 receives the internal interrupt S810 in- 
dicating an instruction to play back the content from the 
host CPU 810. 

[0392] In step S40-1 , the UCP data 166 is read from 

25 the work memory 200 to the usage monitor 1 86, and the 
usage monitor 186 interprets and verifies the playback 
conditions described in the UCP 1 66, and monitors the 
situation so that the subsequent playback operation is 
performed based on the UCP data 166. 

30 [0393] Then, in step S40-2, mutual authentication is 
performed between the mutual authentication unit 1 70 
shown in Fig. 37 and the mutual authentication unit 220 
of the AA/ compression/decompression SAM 163 
shown in Fig. 22, and the session key data Kg^s 

55 shared therebetween. 

[0394] In step S40-3, the playback conditions inter- 
preted and verified in step S40-1 and the content key 
data Kc read from the wori< memory 200 are encrypted 
by using the session key data Kses obtained in step 

40 S40-2, and are output to the A/V compression/decom- 
pression SAM 163. 

[0395] Accordingly, the playback conditions and the 
content key data Kc are decoded with the session key 
data KsEs the decoder 221 of the AA/ compression/ 

45 decompression SAM 163 shown in Fig. 22. 

[0396] Subsequently, in step S40-4, the content file 
CF read from the download memory 167 is encrypted 
by using the session key data Kg^g. and is then output 
to the A/V compression/decompression SAM 163. 

50 [0397] Accordingly, the content file CF is decoded 
with the session key data Kges 'n the decoder 221 of 
the A/V compression/decompression SAM 1 63. Subse- 
quently, the content data C within the content file CF is 
decompressed in the decompression unit 223 of the A/ 

55 V compression/decompression SAM 163, and the user 
digital watermark information is embedded into the de- 
compressed content data C in the digital-watermark in- 
fomnation processor 224. Then, the content data C is 
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played back in the playback module 169. 
[0398] In step S40-5, the UCS data 1 66 read in step 
S40-1 is updated if necessary, and the updated UCS 
data 1 66 is again written into the work memory 200. The 
usage log data 108 stored in the external memory 201 
is updated or newly created, 

[0399] The CPU 11 00 then determines in step S40-6 
whether the content playback processing has been cor- 
rectly performed, and reports the result to the host CPU 
810 through an external interrupt. 
[0400] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the content 
playback processing has been correctly performed, and 
the host CPU 81 0 may read the flag by polling. 

Processing to be executed when the USC data 1 66 of 
one machine is utilized for re-purchasing the content in 
another machine 

[0401] After detennining the purchase mode of the 
content file CF downloaded into the download memory 
167 of the network device 1601 , a new secure container 
1 04x storing the content file CF is created, as shown in 
Fig. 41 , and is transferred to the SAM lOSg of the AA/ 
machine I6O2 viathe bus 191 . The processing to be ex- 
ecuted in the SAM 105^ in the above-described opera- 
tion is discussed below with reference to Figs. 42 and 
43. 

[0402] The processing shown in Fig. 43 is executed, 
assuming that the key file KF^ and the hash value H^i 
shown in Fig. 44C are stored in the work memory 200 
of the SAM 105^ by the above-described purchase 
processing. 

[0403] In step S43-1, according to the user's opera- 
tion performed on the operation unit 1 65, the CPU 11 00 
of the SAM 105^ shown in Fig. 42 receives the internal 
interrupt S810 indicating an instruction to transfer the 
secure container 1 04x, for which the purchase mode is 
detemiined, to the SAM 1 052- Accordingly, the account- 
ing processor 187 updates the usage log data 108 
stored in the external memory 201 . 
[0404] Then, in step S43-2, the SAM 1 05^ checks the 
SAM registration list, which is discussed below, to verify 
the official registration of the SAM lOSg, which is to re- 
ceive the secure container 104x. If so, the SAM 105^ 
perfomns the processing of step S43-3. The SAM 105^ 
also determines whether the SAM 1 0Sg is a SAM within 
the home network. 

[0405] In step S43-3, the mutual authentication unit 
170 shares the session key data K3ES obtained after 
perfomning mutual authentication with the SAM 1052- 
[0406] In step S43-4, the SAM manager 1 90 reads the 
content file CF and the signature data SIGq cp shown in 
Fig. 39A from the download memory 211 , and controls 
the signature processor 189 to accordingly create sig- 
nature data SIG41 s^s^^^., by using the private key data 
KsAMi of the SAM iOSv 

[0407] Then, in step S43-5, the SAM manager 190 



reads the key file KF and the signature data SIGy ^p 
shown in Fig. 39B from the download memory 21 1 , and 
controls the signature processor 1 89 to accordingly cre- 
ate signature data SIG42.SAIW1 by using the private key 
5 data KsAMi of the SAM I'os^. 

[0408] Thereafter, in step S43-6, the SAM manager 
190 creates the secure container 104x shown in Figs. 
44A, 44B, and 44C. 

[0409] In step S43-7, the secure container 1 04x is en- 
10 crypted with the session key data Kqes obtained in step 
S43-3 in the encryption/decryption (decoding) unit 1 71 . 
[0410] Subsequently, in step S43-8, the SAM manag- 
er 190 outputs the secure container 104x to the SAM 
1062 of the AA/ machine I6O2 shown in Fig. 41 . In this 
case, simultaneously with mutual authentication be- 
tween the SAM 105^ and the SAM 1053, mutual authen- 
tication for the IEEE-1394 serial bus 191 is performed. 
[041 1 ] Then, in step S43-9, the CPU 1 1 00 determines 
whether the secure container 104x, for which the pur- 
20 chase mode is determined, has been correctly trans- 
ferred to the SAM 1 0Sg, and reports the result to the host 
CPU 810 through an external interrupt. 
[0412] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the secure 
25 container 1 04x has been correctly transferred to the 
SAM 1 052, sf^d the host CPU 810 may read the flag by 
polling. 

[0413] A description is now given, with reference to 
Figs. 45, 46, and 47, of the process executed within the 
30 SAM lOSg when the secure container 104x shown in 
Figs. 44A through 44D received from the SAM 105^ is 
written into the recording medium (RAM) 1 3O4 (Fig. 1 4), 
as illustrated in Fig. 41 . 

[0414] Figs. 46 and 47 are a flow chart illustrating the 

35 above-described process. 

[0415] As shown in Figs. 1 4 and 41 , the recording me- 
dium (RAM) I3O4 has the unsecured RAM area 1 34, the 
medium SAM 133, and the secure RAM area 132. 
[0416] Referring to Fig. 46, in step S46-0, the CPU 

40 1 1 00 shown in Fig. 45 receives, from the host CPU 81 0 
of the network device I6O2 shown in Fig. 41 , the internal 
interrupt S81 0 indicating an instruction to receive the se- 
cure container 104x from the network device 160^, 
[0417] In step S46-1 , the SAM 1 0Sg checks the SAM 

-^5 registration list to detemnine whether the SAM 105-,, 
which sends the secure container 104x, is officially reg- 
istered. If so, the SAM 1 063 performs the processing of 
step S46-2. The SAM 1052 also checks whether the 
SAM 105^ is a SAM within the home network. 

so [0418] In response to the processing of the above-de- 
scribed step S43-3 shown in Fig. 43, the SAM lOSg 
shares the session key Kg^s acquired by perfonning 
mutual authentication with the SAM 105^. 
[0419] In step S46-3, the SAM manager 190 of the 

55 SAM 1052 receives, as shown in Figs. 41 and 45, the 
secure container 104x from the SAM 105-, of the net- 
work device 160^. 

[0420] In step S46-4, the encryption/decryption (de- 
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coding) unit 171 of the SAM lOSg decodes the secure 
container 104x received via the SAM manager 190 by 
using the session key data Kqes obtained in step S46-2. 
[0421 ] Then, in step S46-5, the content file CF within 
the secure container 1 04x decoded by the session key 
data KsEs undergoes processing in the medium drive 
SAM manager 855 shown in Fig, 45, such as sectoriz- 
ing, adding a sector header, scrambling, error-correct- 
ing code (ECC) encoding, modulating, and synchroniz- 
ing, and is then stored in the RAM area 134 of .the re- 
cording medium (RAM) ISO^. 

[0422] In step S46-6, the signature data SIGgQp and 
SIG41 sAMi» key file KF and the signature data 
SIG7CP and SIG42 SAMI' the key file KF^ and the 
hash value thereof Hj^^, the public key signature data 
CERcp and the signature data SIG^ therefor, and 
the public key signature data CERqami and the signa- 
ture data SIG22,Esc therefor within the secure container 
1 04x, all of which are decoded with the session key data 
KsES* sf^e written into the work memory 200. 
[0423] Subsequently, in step S46-7, the signature 
processor 1 89 verifies the integrity of the public-key cer- 
tificate data GERqp and CERsami using the public 
key data K^pp read from the storage unit 192. The sig- 
nature processor 1 89 also checks the integrity of the sig- 
nature .data SIGe^cp using the public key data K^pp 
stored in the public-key certificate data CERsami as 
to verify the integrity of the creator of the content file CF. 
The signature processor 189 also checks the integrity 
of the signature data SIG4^ sami using the public key 
data KsAMi.p stored in the public-key certificate data 
CERsami so as to verify the integrity of the sender of 
the content file CF. 

[0424] In step S46-8, the signature processor 1 89 ver- 
ifies the integrity of the signature data SIGy^p and 
SIG42 

SAM1 stored in the work memory 200 by using the 
public key data K^r and Ksami.p so as to verify the send- 
er of the key file KF. 

[0425] Further, in step S46-9, the signature processor 
1 89 checks the integrity of the signature data SIG^^ esc 
stored in the key file KF shown in Fig. 44B by using the 
public key data K^scp ^^^^ trom the storage unit 192, 
thereby making it possible to verify the creator of the key 
file KF. 

[0426] Referring to Fig. 47, in step S46-1 0, the signa- 
ture processor 1 89 checks the integrity of the hash value 
H(^^ so as to verify the integrity of the creator and the 
sender of the key file KF^ . 

[0427] In this example, the creator and the sender of 
the key file KF^ are the same. However, if they are dif- 
ferent, signature data for both the creator and the sender 
are created, and the signal processor 189 verifies the 
integrity of both the signature data. 
[0428] In step S46-1 1 , the usage monitor 1 86 controls 
the purchase and usage modes of the content data C 
by using the DCS data 166 stored in the key file KF^ 
decoded in step S46-10. 

[0429] In step S46-12, upon detemnining the pur- 



chase mode by operating the operation unit 165 by the 
user, the CPU 1100 of the SAM 1063 receives the cor- 
responding internal interrupt S810. 
[0430] In step S46-13, the accounting processor 1 87 

5 updates the usage log data 108 stored in the external 
memory 201 under the control of the CPU 1100. The 
accounting processor 187 also updates the UCS data 
166 every time the purchase mode of the content data 
is determined. In this case, the UCS data 166 of the 

10 sender SAM is discarded. 

[0431] Then, in step S46-14, the encryption/decryp- 
tion (decoding) unit 173 of the SAM lOSg encrypts the 
UCS data 1 66 generated in step S46-12 by sequentially 
using the storage key data Kg-rp, the medium key data 

15 K^/iEQ, and the purchase key data Kpn^j read from the 
storage unit 192, and outputs the encrypted UCS data 
166 to the medium drive SAM manager 855. 
[0432] In step S46-15, the medium drive SAM man- 
ager 855 executes processing, such as sectorizing, 

20 adding a sector header, scrambling, ECC encoding, 
modulating, and synchronizing, on the key file KF^ hav- 
ing the updated UCS data 166, and stores it in the se- 
cure RAM area 132 of the recording medium (RAM) 
I3O4. 

25 [0433] The medium key data K^^^q has already been 
stored in the storage unit 192 by mutual authentication 
between the mutual authentication unit 1 70 of the SAM 
lOSg shown in Fig. 45 and the medium SAM 133 of the 
recording medium I3O4 shown in Fig. 41 . 

30 [0434] The storage key data Kg-pR 'S data determined 
by the type of machine (in this example, the AA/ machine 
I6O2), such as a SACD machine, a DVD machine, CD- 
R machine, or an MD machine, and is used for corre- 
sponding one type of machine to one type of recording 

55 medium. A SACD and a DVD have the same physical 
structure of a disk medium. Accordingly, data on a 
SACD can be recorded and played back by using a DVD 
machine, in which case, the storage key data Ksjr 
serves the function of preventing illegal copying. In this 

40 embodiment, encryption with the use of the storage key 
data KsxR nnay not be performed. 
[0435] The medium key data K^^q is data unique to 
the recording medium (in this example, the recording 
medium (RAM) I3O4). 

45 [0436] The medium key data K^ed 's stored in a stor- 
age medium (in this example, the storage medium 
(RAM) I3O4 shown in Fig. 41), and encryption and de- 
cryption is preferably performed by using the medium 
key data \<^^q in the medium SAM of the recording me- 

50 dium in terms of the security. In this case, if the recording 
medium is provided with a medium SAM, the medium 
key data K^^q 's stored in the medium SAM^ and if not, 
the medium key data ^m^q is stored within the RAM ar- 
ea, i.e., an area (not shown) outside the control of the 

55 host CPU 810. 

[0437] As in this embodiment, mutual authentication 
may be performed between the SAM lOSg and the me- 
dium SAM (in this example, medium SAM 133), and 
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then, the medium key data K^^go may be transferred to 
the SAM 1052 via a secure communication path, and 
encryption and decryption may be performed In the SAM 
1052 by using the medium key data Ki^ed 
[0438] In this embodiment, the storage key data K^j^ 
and the medium key data Kj^^^ may be used for pro- 
tecting the security of the physical layer of the recording 
medium. 

[0439] The purchaser key data Kpj^ is data indicating 
the purchaser of the content file CF, and if the content 
is purchased in the "sell through" mode, the purchaser 
key data Kp^^ is assigned to the user from the EMD serv- 
ice center 1 02. The purchaser key data Kp,fg is managed 
by the EMD service center 1 02. 

[0440] tn step S46-1 6, the key file KF is read from the 
work memory 200, and is written into the secure RAM 
area 132 of the recording medium (RAM) I3O4 by the 
medium drive SAM 260 shown in Fig. 41 via the medium 
drive SAM manager 855. 

[0441 ] I n step S46- 1 7, the CPU 11 00 of the SAM 1 052 
reports the result of the processing for the received se- 
cure container 1 04x to the host CPU 810 through an ex- 
ternal interrupt. 

[0442] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 810 may read the flag by polling. 
[0443] In the above-described embodiment, the key 
files KF and KF^ are recorded on the secure RAM area 
132 of the recording medium (RAM) 1304Viathe medi- 
um drive SAM 260. However, the key files KF and KF^ 
may be recorded on the medium SAM 1 33 from the SAM 
1052, as indicated by the one-dot chain line in Fig. 41. 
[0444] In the aforementioned embodiment, the se- 
cure container 104x is sent from the SAM 105-, to the 
SAM lOSg. However, the content file CF and the UCP 
data 106 may be sent from the network device 160^ to 
the AA/ machine IO62 under the control of the host 
CPUs of the network device 1 06^ and the AA/ machines 
1063. In this case, the UCS data 166 and the content 
key data Kc are sent from the SAM 105^ to the SAM 
1052- 

[0445] As a modification to the above-described em- 
bodiment, the purchase mode is detemiined in the SAM 
1 05^ , and the SAM 1 0Sg uses the UCS data 1 66 without 
detemnining the purchase mode. In this case, the usage 
log data 108 is created only in the SAM 105^, but not in 
the SAM 1 0Sg. 

[0446] In purchasing the content data C, for example, 
an album consisting of a plurality of content data C may 
be purchased. In this case, the plurality of content data 
C may be provided by different content providers 101 
(in the second embodiment, which is described below, 
the plurality of content data C may be provided by dif- 
ferent service providers 310). Alternatively, part of the 
content data C forming an album may be initially pur- 
chased, and later, the remaining content data C may be 
gradually purchased. As a result, the whole album is 



purchased. 

[0447] Fig. 48 illustrates examples of various pur- 
chase modes of the content data C. 
[0448] The network device 160^ purchases the con- 
5 tent data C which has been received from the content 
provider 1 01 by using the UCP data 1 06, and generates 
UCS data 166a. 

[0449] Similarly, the A/V machine 1 6O2 purchases the 
content data C which has been received from the con- 

^0 tent provider 101 to the network device 160., by using 
the UCP data 106, and generates UCS data 166b. 
[0450] The AA/ machine 1 6O3 copies the content data 
C purchased by the /W machine 1 eOg, and detemiines 
the usage mode by using the UCS data 1 66b created in 

'5 the A/\J machine ISOg. As a result, UCS data 166c is 
generated in the A/V machine I6O3. The A/V machine 
I6O3 also creates usage log data 108b from the UCS 
data 1 66c. 

[0451 ] The network device 1 6O4 receives the content 
20 data C which has been received from the content pro- 
vider 101 to the network device 160^ and determined 
the purchase mode in the network device 1 60^ , andthen 
detennines the purchase mode by using the UCS data 
1 66 created by the network device 1 60^ . As a result, the 
25 UCS data 166a is generated in the /W machine I6O4, 
and usage log data 108a is also created from the UCS 
data 1 66 a. 

[0452] The UCS data 166a, 166b, and 166c are re- 
spectively encrypted in the AV machines I6O4, IBOg, 
30 and 1 6O3 by using the storage key data Kqtr unique to 
the machine and the medium key data K^^^q unique to 
the recording medium, and are recorded on the corre- 
sponding recording media. 

[0453] In this embodiment, the user pays for licensing 
35 rights for the content data C rather than for property 
rights. The copying of the content data contributes to 
promotion of the content, and also satisfies the de- 
mands of the right holders of the content data in view of 
expediting the sale. 

40 

Processing for determining the purchase mode of 
content data on a recording medium (ROM) 

[0454] As shown in Fig. 49, the recording medium 
45 (ROM) 130^ shown in Fig. 11 which stores the content 
and for which the purchase mode is still undetemiined 
is distributed offline to the A/V machine I6O2 via a user 
home network 103, and the A/V machine I6O2 deter- 
mines the purchase mode. This processing is discussed 
50 below with reference to Figs. 50 and 51 . 

[0455] Referring to Fig. 51, in step S51-0, according 
to the user's operation performed on the operation unit 
165, the CPU 1100 of the SAM 1052 shown in Fig. 50 
receives the internal interrupt S810 indicating an in- 
55 struction to detemnine the purchase mode of the content 
distributed via a recording medium (ROM). 
[0456] In step S51 -T after performing mutual authen- 
tication between the mutual authentication unit 170 
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shown in Fig. 50 and the medium SAM 133 of the re- 
cording medium (ROM) 1 30^ shown in Fig. 11 , the SAM 
lOSg receives the medium key data K^^^ed ^^^^ ^^e me- 
dium SAM 1 33. If the SAM 1 0Bg already has the medium 
key data K|^ed stored therein Jt is not necessary to re- 
ceive the medium key data K^^ed* 
[0457] Then, in step S51-2, the key file KF and the 
signature data SIG7 cp therefor, and the public-key cer- 
tificate data CERcp and the signature data SIG^ esc 
therefor, which are shown in Figs. 3B and 3C, stored in 
the secure container 1 04 recorded on the secure RAM 
area 132 of the recording medium (ROM) 130^, are writ- 
ten into the work memory 200 via the medium drive SAM 
manager 855. 

[0458] In step S51 -3, after verifying the integrity of the 
signature data S!G-| gsc* signature processor 189 
extracts the public key data K^pp from the public-key 
certificate data CERcp, and verifies the integrity of the 
signature data SIG7 cp, ' the sender of the key file 
KF, by using the public key data K^pp. 
[0459] The signature processor 189 also verifies the 
integrity of the signature data SIGj^^ esc stored in the 
key file KF, i.e., the creator of the key file KF, by using 
the public key data Kescp ''^^^ from the storage unit 
192. 

[0460] Subsequently, in step S51-4, after verifying the 
integrity of the signature data SIG7 ^p and SIG^^-, ^50 
the signature processor 1 89, the key file KF is read from 
the work memory 200 and written into the encryption/ 
decryption (decoding) unit 172. 

[0461] Then, the encryption/decryption (decoding) 
unit 172 decrypts (decodes) the content key data Kc, 
the UCP data 1 06, and the SAM program download con- 
tainers SDC-, through SDC3 stored in the key file KF by 
using the license key data KD^ through KD3 of corre- 
sponding periods, and writes them into the work mem- 
ory 200. 

[0462] In step S51 -5, after conducting mutual authen- 
tication between the mutual authentication unit 170 
shown in Fig. 50 and the AA/ compression/decompres- 
sion SAM 163 shown in Fig. 49, the AA/ compression/ 
decompression SAM manager 1 84 of the SAM 1 5O2 out- 
puts the content key data Kc stored in the work memory 
200, the partially disclosing parameter data 199 stored 
In the UCP data 106, and the content data C stored in 
the content file OF read from the ROM area 131 of the 
recording medium (ROM) 130^ to the AA/ compression/ 
decompression SAM 163 shown in Fig. 49. 
[0463] Then, the /W compression/decompression 
SAM 163 decodes and decompresses the content data 
C in the partially disclosing mode by using the content 
key data Kc, and outputs it to the playback module 270. 
The content data G is then played back in the playback 
module 270. 

[0464] Thereafter, in step S51 -6, the purchase mode 
of the content is detennined according to the user's op- 
eration of the operation unit 165 shown in Fig. 49, and 
the internal Interrupt S810 Indicating the determined 



purchase mode is output to the CPU 1100 of the SAM 
1052- 

[0465] In step S51-7, the accounting processor 187 
creates the UCS data 166 according to the operation 
5 signal S165 and writes it into the work memory 200. 
[0466] In step S51 -8, the content key data Kc and the 
UCS data 1 66 are output from the work memory 200 to 
the encryption/decryption (decoding) unit 173. 
[0467] The encryption/decryption (decoding) unit 1 73 
10 then sequentially encrypts the content key data Kc and 
the UCS data 166 by using the storage key data Kstr, 
the medium key data Kj^^ed' purchaser key data 

Kpijg read from the storage unit 192, and writes them 
into the work memory 200. 
15 [0468] In step S51 -9, the medium SAM manager 1 97 
creates the key file KF^ shown in Fig. 44C from the en- 
crypted content key data Kc, the UCS data 1 66, and the 
SAM program download containers SDC^ through 
SDC3 read from the work memory 200. 
20 [0469] In the signature processor 1 89, the hash value 
of the key file KF-| shown in Fig. 44C is created, and 
is output to the medium drive SAM manager 855. 
[0470] After conducting mutual authentication be- 
tween the mutual authentication unit 170 shown in Fig. 
25 50 and the medium SAM 133 shown in Fig. 49, the me- 
dium drive SAM manager 855 writes the key file KF^ and 
the hash value H^i to the secure RAM area 132 of the 
recording medium (ROM) 130-, via the medium drive 
SAM 260 shown in Fig. 49. As a result, the recording 
30 medium 130^, for which the purchase mode is deter- 
mined, is obtained. 

[0471] Simultaneously, the UCS data 1 66 and the us- 
age log data 108 created by the accounting processor 
187 are appropriately sent from the work memory 200 
35 and the external memory 201 , respectively, to the EMD 
service center 102. 

[0472] If the key file KF is stored in the medium SAM 
133 of the recording medium (ROM) 1301, the SAM 
1052 receives the created key file KF^ from the medium 
40 SAM 133, as indicated by the one-dot chain line in Fig. 
49. In this case, the SAM 1052 writes the created key 
file KF., into the medium SAM 133. 
[0473] In step S51 -1 0, the CPU 1 1 00 of the SAM 1 0Sg 
detemnines whether the processing for detennining the 
45 purchase mode of the content distributed via the above- 
described recording medium (ROM) has been correctly 
performed, and reports the result to the host CPU 810 
through an extemal interrupt. 

[0474] Alternatively, the CPU 1100 may set a flag in 
50 the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 810 may read the flag by polling. 

Processing for writing content data into a recording 
55 medium (RAM) after the purchase mode of the content 
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data in a recording medium (ROM) has been 
determined 

[0475] As sliown In Fig. 52, tlie secure container 1 04, 
for whicli the purchase mode is stilt undetermined, is 
read from the recording medium (ROM) 1 30^ , and a new 
secure container 104y is created in the AA/ machine 
I6O3 and is transferred to the A/V machine I6O2. The 
purchase mode of the secure container 104y Is deter- 
mined in the AA/ machine 1 6O2, and the secure contain- 
er 104y Is written Into the recording medium (RAM) 
13O5. The flow of this process is described below with 
reference to Figs. 53, 54, and 55. 
[0476] It should be noted that the transfer of the se- 
cure container 104y from the recording medium (ROM) 
130^ to the recording medium (RAM) 13O5 may be per- 
formed among any of the network device 160^ and the 
AA/ machines laOg through I6O4 shown in Fig. 1. 
[0477] Referring to the flow chart of Fig. 55, in step 
S55-0, according to the user's operation perfonned on 
the operation unit 165, the CPU 1100 shown in Fig. 53 
receives the internal interrupt S810 Indicating an in- 
struction to transfer the secure container 1 04, for which 
the purchase mode Is still undetermined, read from the 
recording medium (ROM) 130^ to the SAM lOSg. 
[0478] In step S55-1 . the SAM 1 063 checks the SAM 
registration list so as to determine whether the SAM 
1 0Sg, which Is to receive the secure container, Is official- 
ly registered. If so, the SAM IO53 perfomns processing 
of step S55-2. The SAM IO53 also checks whether the 
SAM 1 052 's a SAM within the home network. 
[0479] Then, in step S55-2. mutual authentication Is 
perfonned between the SAM IO53 and the SAM 1052 
so as to share the session key data Kqes- 
[0480] In step 855-3. mutual authentication is con- 
ducted between the SAM 1053 ofthe A/V machine I6O3 
and the medium SAM 133^ of the recording medium 
(ROM) 130i, and the medium key dataK^^gD^ ofthe re- 
cording medium 130^ is transferred to the SAM IO53. 
[0481 ] If encryption using the medium key data K^^eqi 
Is perfomned in the medium SAM 133-, of the recording 
medium (ROM) 130-,, the medium key data K^edi 's not 
transferred to the SAM 1053. 

[0482] Then, in step S55-4, mutual authentication Is 
perfonned between the SAM 1052 of the A/V machine 
1 6O2 and the medium SAM 1 335 of the recording medi- 
um (RAM) 1 3O5, and the medium key data Kf^so2 ^^e 
recording medium I3O5 is transferred to the SAM lOSg. 
[0483] If encryption using the medium key data K|^ed2 
is perfonned In the medium SAM 1335 of the recording 
medium (RAM) 13O5, the medium key data K^Eoa 's not 
transferred to the SAM lOSg. 

[0484] In step S55-5, as shown in Fig. 53, the SAM 
1063 reads the content file OF and the signature data 
SIGe.cp f^ofT^ the ROM area 131 of the recording medi- 
um (ROM) 130^ via the medium drive SAM manager 
855, and outputs them to the SAM manager 190 and 
also controls the signature processor 189 to create the 



signature data SIG350 sam3 by using the private key data 

^SAM3,S- 

[0485] In step S55-6. as shown in Fig. 53, the SAM 
1053 reads the key file KF and the signature data 

5 SIG7 CP from the secure RAM area 132 ofthe recording 
medium (ROM) 130., via the medium drive SAM man- 
ager 855, and outputs them to the SAM manager 190 
and also controls the signature processor 1 89 to create 
the signature data SIG352 sam3 by using the private key 

10 dataKsAMs.s- 

[0486] Then, In step S55-7, in the SAM 1 053, the pub- 
lic-key certificate data CERsam3 and the signature data 
S'*^351.ESC are read from the storage unit 192 to the 
SAM manager 190. 

IS [0487] In step S55-8, the secure container 104y 
shown in Figs. 54A through 54D is created In, for exam- 
ple, the SAM manager 190 of the SAM 1053. 
[0488] In step S55-9, the encryption/decryption (de- 
coding) unit 171 of the SAM IO53 encrypts the secure 
20 container 1 04y by using the session key data Kses ob- 
tained in step S55-2. 

[0489] Thereafter in step S55-1 0, the secure contain- 
er 1 04y is sent from the SAM manager 1 90 of the SAM 
1053 to the A/V machine leOg. 

25 [0490] Then, the CPU 1100 of the SAM IO53 deter- 
mines whether the above- described processing has 
been properly performed, and reports the result to the 
host CPU 810 through an external Interrupt. 
[0491] Alternatively, the CPU 1100 may set a flag in 

30 the SAM status register indicating whether the above- 
described processing has been properly executed, and 
the host CPU 810 may read the flag by polling. 
[0492] In the SAM 1052, under the control of the CPU 
1100 according to the internal Interrupt S810 from the 

35 host CPU 81 0, as shown in Fig. 57, the secure container 
104y shown in Figs. 54A through 54D input from the 
SAM 1053 via the SAM manager 190 is decoded in the 
encryption/decryption (decoding) unit 171 by using the 
session key data Kses- 

40 [0493] Then, in step S55-11 , the key file KF and the 
signature data SIG7 cp and SIG350 qams- ^he public-key 
certificate data CERg^^^g and ihe signature data 
SIG351 ,ESC' ^rid the public-key certificate data CERcp 
and the signature data SIG-, esc within the secure con- 

45 tainer 104y are written Into the work memory 200. 

[0494] In step S55-1 2, the signature processor 1 89 of 
the SAM 1052 verifies the signature data SIGg^p and 
^'^350,SAM3 stored in the secure container 1 04y, i.e., the 
integrity of the creator and the sender of the content file 

50 CR 

[0495] Then, in step S55-1 3, the content file CF is writ- 
ton into the RAM area 134 of the recording medium 
(RAM) 13O5 via the medium drive SAM manager 855. 
The content file CF may be directly written Into the RAM 
55 area 134 of the recording medium (RAM) I3O5 without 
the SAM 1052 under the control ofthe host CPU 810. 
[0496] Subsequently in step S55-14, the signature 
processor 1 89 checks the signature of the signature da- 
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ta SIG351 ECS so as to verify the integrity of the public- 
key certificate data CERsams. then verifies the in- 
tegrity of the signature data SIG7 cp, SIG352,sam3- 
SIG^i ESC ' integrity of the creator and the send- 
er of the key file KF, by using the public key data Kqams 
and the public key data K^scp stored In the public-key 
certificate data CERsam3- 

[0497] Thereafter, in step S55-15, the key file KF is 
read from the work memory 200 into the encryption/de- 
cryption (decoding) unit 172, and is decoded with the 
license key data KD^ through KD3 and is again written 
into the work memory 200. 

[0498] In step S55-16, the UCP data 106 of the de- 
coded key file KF stored in the work memory 200 is out- 
put to the usage monitor 1 86. Then, the purchase mode 
and the usage mode are managed (monitored) in the 
usage monitor 186 based on the UCP data 106. 
[0499] In step S55-1 7, by the user's operation on the 
operation unit 165 shown in Fig. 52, the purchase and 
usage modes of the content are detemnined, and the 
corresponding internal interrupt S810 is output to the 
CPU 1 1 00 of the SAM 1 052- 

[0500] In step S55-1 8, the UCS data 166 and the us- 
age log data 1 08 are created in the accounting proces- 
sor 187 based on the determined purchase and usage 
modes, and are written into the work memory 200 and 
the external memory 201 , respectively. The UCS data 
166 and the usage log data 108 are appropriately sent 
to the EMD service center 102. 

[0501] Then, in step 855-19, the content key Kc and 
the UCS data 1 66 are read from the work memory 200 
into the encryption/decryption (decoding) unit 173, and 
are sequentially encrypted by using the storage key data 
KsT-R, the medium key data K^^ed2' purchaser 
key data Kp,fj read from the storage unit 192. The en- 
crypted data are then output to the medium SAM man- 
ager 197. The key file KF is also output from the work 
memory 200 to the medium SAM manager 197. 
[0502] In step S55-20, the key file KF^ shown in Fig. 
44C is generated in the medium SAM manager 1 97, and 
is written into the medium SAM 1885 of the recording 
medium (RAM) I3O5 via the medium SAM manager 197. 
The key file KF is also written into the medium SAM 1 885 
of the recording medium (RAM) 13O5 via the medium 
SAM manager 197. 

[0503] In step S55-21 , the CPU 1 1 00 of the SAM 1 052 
determines whether the above-described processing 
has been precisely performed, and reports the result to 
the host CPU 810 through an external interrupt. 
[0504] Alternatively the CPU 1100 may set a flag in 
the SAM status register indicating whether the afore- 
mentioned processing has been accurately performed, 
and the host CPU 810 may read the flag by polling. 
[0505] The implementation method of the SAMs 1 05^ 
through 1064 is as follows. 

[0506] In implementing the functions of the SAMs 
1 05-1 through 1 064 as hardware, an application specified 
IC (ASIC)-type CPU having a built-in memory is used. 



and a security function module, a program module for 
performing content rights processing, and highly secret 
data, such as key data, are stored in the memory to im- 
plement the functions shown in Fig. 30. A series of rights 

5 processing program modules, such as an encryption li- 
brary module (public key encryption, common key en- 
cryption, a random-number generator, hash functions), 
a program module for restricting the use of the contents, 
an accounting program module, etc. are implemented 

10 as, for example, software. 

[0507] For example, a module, such as the encryp- 
tion/decryption (decoding) unit 171, is implemented as 
an IP core within an ASIC-type CPU as hardware in view 
of the processing rate. In terms of the performance, such 

15 as the clock rate or the CPU code system, the encryp- 
tion/decryption (decoding) unit 171 may be implement- 
ed as software. 

[0508] As the storage unit 1 92 and a memory for stor- 
ing program modules and data for implementing the 

20 functions shown in Fig. 30, a non-volatile memory (flash 
ROM) may be used, and a fast memory, such as an 
SRAM, may be used as the work memory. Or, a FeRAM 
may be employed as a memory integrated in the SAMs 
105^ through 1064. 

25 [0509] The SAMs 1 05^ through 1 064 also have a built- 
in timing function for checking the time and date required 
to verify the effective period and contracting period for 
the usage of the content. 

[0510] As stated above, the SAMs 1 05^ through 1 064 
30 have a high tamper-resistance structure in which the 
program modules, the data, and the processing con- 
tents are shielded from an external source. Each SAM 
sets an address space which is invisible from the corre- 
sponding host CPU by using a memory management 
35 unit (MMU) for managing the memory address of the 
host CPU. With this arrangement, highly private pro- 
grams and the contents of data stored in the memory of 
the IC of each SAM, a group of registers relating to the 
system configuration of the SAM, an encryption library, 
40 and a group of registers of clocks can be protected from 
being read or written via a host CPU bus. That is, the 
above-described data and programs of each SAM are 
protected from being in the address space assigned by 
the host CPU. 

45 [0511] The SAMs 105^ through 1064 are also resist- 
ant to physical attacks from an external source, such as 
X rays and heat. Additionally, even if real time debug- 
ging (reverse engineering) is performed by using a de- 
bugging tool (hardware in-circuit emulator (ICE) or soft- 

50 ware ICE), the processing content is invisible, or the de- 
bugging tool itself becomes unusable after manufactur- 
ing the IC. 

[0512] In terms of the hardware structure, the SAMs 
105^ through 1064 are regular ASIC-type CPUs having 
55 a built-in memor/, and the functions of the SAMs 105^ 
through 1 054 are dependent on the software which op- 
erates the CPU. However, the SAMs 1 05^ through 1 054 
are different from regular ASIC-type CPUs in that they 
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have a hardware structure provided with an encryption 
function and tannper resistance. 
[0513] On the other hand, there are two approaches 
to innplement all the functions of the SAMs 1 05^ through 
1064 as software. One approach is to perform software 
processing within a totally shielded module having high 
tannper resistance. The other approach is to perfonn 
software processing in a host CPU installed in an ordi- 
nary machine, but in which the software processing is 
very difficult to decode. In the first approach, the encryp- 
tion library module is stored in the memory as a regular 
software module rather than an intellectual property (IP) 
core, namely, it can be considered to be implemented 
as hardware. On the other hand, according to the sec- 
ond approach, tamper-resistant software is used, and 
even if the execution content is decoded by an ICE (de- 
bugger), the execution order of the tasks may be mean- 
ingless (in this case, the tasks are partitioned so that the 
single task is meaningful as a program so as not to in- 
fluence the preceding and following tasks), or the tasks 
themselves may be encrypted. That is, the functions are 
implemented as a task scheduler (MiniOS) for enhanc- 
ing the security. The task scheduler provided is embed- 
ded in a target program. 

[0514] Details of the AA/ compression/decompres- 
sion SAM 163 shown in Fig. 22 are given below. 
[0515] The AA/ compression/decompression SAM 
163 includes, as shown in Fig. 22, the mutual authenti- 
cation unit 220, the decoders 221 and 222, the decom- 
pression unit 223, the digital-watemnark information 
processor 224, and a partially disclosing processor 225. 
[0516] The mutual authentication unit 220 performs 
mutual authentication with the mutual authentication 
unit 170 of the SAM 105^ shown in Fig. 30 when the A/ 
V compression/decompression SAM 163 receives data 
from the SAM 1 05^ , and generates the session key data 

*^SES- 

[0517] The decoder221 decodes the content key data 
Kc, the partially disclosing parameter 1 99, the user dig- 
ital watermark information data 1 96, and the content da- 
ta C received from the SAM 105^ by using the session 
key data Ks^s- The decoder 221 then outputs the de- 
coded content key data Kc and the content data C to the 
decoder 222, and outputs the decoded user digital wa- 
termark Infomnation data 1 96 to the digital-watermark in- 
formation processor 224, and also outputs the partially 
disclosing parameter 1 99 to the partially disclosing proc- 
essor 225. 

[0518] The decoder 222 decodes the content data C 
in the partially disclosing state by using the content key 
data Kc under the control of the partially disclosing proc- 
essor 225, and outputs the decoded content data C to 
the decompression unit 223. The decoder 222 also de- 
codes the whole content data C with the content key da- 
ta Kc in the nomial operating mode, i.e., the mode other 
than the partially disclosing mode. 
[0519] The decompression unit 223 decompresses 
the decoded content data C and outputs it to the digital- 



watennark information processor 224. The decompres- 
sion unit 223 decompresses the content data C by us- 
ing, for example, the AA/ decompression software 
stored in the content file CF shown in Fig. 3A, according 

5 to, for example, the ATRAC3 method. 

[0520] The digital-watennark information processor 
224 embeds the user digital watennark information ac- 
cording to the decoded user digital watermark informa- 
tion data 196 into the decoded content data C so as to 

^0 create new content data C. The digital-watennark infor- 
mation processor 224 then outputs the newly created 
content data C to the playback module 1 69. 
[0521] In this manner, the user digital watermark in- 
formation is embedded into the content data C by the A/ 

'5 v compression/decompression SAM 163 when repro- 
ducing the content data C. 

[0522] In the present Invention, it may be determined 
that the user digital watermark information data 196 is 
not embedded into the content data C. 

20 [0523] The partially disclosing processor 225 informs 
the decoder 222, based on the partially disclosing pa- 
rameter 1 99, which blocks are to be decoded and which 
blocks are not to be decoded. The partially disclosing 
processor 225 may control the partially disclosing mode 

^5 by, for example, restricting the playback functions for 
demonstration or limiting the period for listening to the 
content for demonstration. 

[0524] The playback module 169 perfonns the play- 
back operation according to the decoded and decom- 

30 pressed content data C. 

[0525] Processing for registering the SAMs 105^ 
through 1064 in the EMD service center 102 when they 
are shipped is as follows. The same registration 
processing is perfomned in the SAMs 1 05^ through 1 054, 

35 and thus, only the registration of the SAM 105^ is dis- 
cussed below. 

[0526] When shipping the SAM 105^, the following 
key data is registered in the storage unit 192 shown in 
Fig. 30 via a SAM manager 149 by a key server 141 of 
40 the EMD service center 1 02. 

[0527] When the SAM 105^ is shipped, for example, 
a program used for the initial access by the SAM 1 05^ 
to the EMD service center 1 02 Is also stored in the stor- 
age unit 1 92. 

45 [0528] More specifically, the SAM 1 05^ stores in initial 
registration, for example, the Identifier SAM_ID of the 
SAM 105^, the storage key data Kstr, the public key 
data Kr^ca ^^e root certifying authority 92, the public 
key data K^scp of the EMD service center 102, the pri- 

50 vate key data Kqamls of the SAM 1 051 , the public-key 
certificate data CERsami the signature data there- 
for SIG22,ESC' ^"cl the source key data for creating the 
authentication key data between the AA/ compression/ 
decompression SAM 163 and the medium SAM, all of 

55 which have the symbol "*" attached on the left side of 
the data, as shown in Fig. 34. 

[0529] The public-key certificate data CERqami may 
be sent from the EMD service center 102 to the SAM 
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105-1 when the SAM 105^ is registered after being 
shipped. 

[0530] In shipping the SAM 1 05^ . the file reader des- 
ignating the reading format of the content file CF and 
the key file KF respectively shown In Figs. 3A and 3B is 5 
written into the storage unit 192 by the EMD service 
center 1 02. Then , in the SAM 1 05^ , the file reader stored 
in the storage unit 192 is used when reading the data 
stored in the content file CF and the key file KF. 
[0531 ] The public key data Kr.q^^ of the root certifying io 
authority 92 uses the River-Shamir-Adleman (RSA) al- 
gorithnn, which is often used in electronic commerce on 
the Intemet, and the data length is, for example, 1024 
bits. The public key data Kr.ca is issued by the root cer- 
tifying authority 92 illustrated in Fig. 1 . is 
[0532] The public key data ^esc,p ^MD service 
center 102 is generated by the elliptic curve cryptosys- 
tem, whose encryption strength is comparable to or 
higher than the RSA, and the data length is only, for ex- 
ample, 160 bits. However, considering the encryption 20 
strength, the public key data K^s^.P desirably has 1 92 
bits or greater. The EMD service center 102 registers 
the public key data K^sc p '"^ ^^e root certifying authority 
92. 

[0533] The root certifying authority 92 creates the 25 
public-key certificate data CERgsc of the public key data 
Kesc.p- public-key certificate data CER^sc storing 
the public key data K^qcp 's stored in the storage unit 
192 preferably when shipping the SAM 105^. In this 
case, the public-key certificate data CEResc 's signed 30 
with the private key data Krqot.s the root certifying 
authority 92. 

[0534] The EMD service center 1 02 generates a ran- 
dom number so as to create the private key data Ks^mi .s 
of the SAM 105^ and also creates the public key data 35 
KgAMi .p t° s pair with the private key data Kqamls- 
[0535] The EMD service center 102 also acquires a 
certificate from the root certifying authority 92 so as to 
issue the public-key certificate data CERsami of the 
public key data Ksami,p. ^"^1 attaches signature data 40 
with the private key data K^scs of the EMD service 
center 102. That is, the EMD service center 102 serves 
as a second certifying authority. 

[0536] The unique identifier SAM_ID is assigned to 
the SAM 105^ from the EMD service center 102 under ^5 
the control of the EMD service center 102. The unique 
identifier SAM_ID is stored in the storage unit 192 and 
is also managed by the EMD service center 102. 
[0537] After being shipped, the SAM 1 05-| is connect- 
ed to the EMD service center 1 02 by, for example, a us- so 
er, and is registered. Then, the license key data KD^ 
through KD3 are transferred from the EMD service cent- 
er 102 to the storage unit 192. 

[0538] That Is, the user of the SAM 105^ is required 
to register in the EMD service center 1 02 before down- ss 
loading the content. This registration Is perfomned of- 
fline, such as by mail, with a registration sheet attached 
to the machine (in this example, the network device 



160^) on which the SAM 105^ is loaded by filling in in- 
formation for specifying the user (user name, address, 
contact telephone number gender, settlement account, 
login name, password, etc.). Until the above-described 
registration has been conducted, the user is unable to 
use the SAM 105^. 

[0539] The EMD service center 102 issues an identi- 
fier USER JD unique to the user according to the user's 
registration, and manages the relationship between the 
SAMJD and the USERJD, which is used for settling 
the account. 

[0540] The EMD service center 102 also assigns an 
infomnation reference identifier ID and a password, 
which is for initial use of the user of the SAM 105-,, and 
reports them to the user. The user makes a query to the 
EMD service center 1 02 about, for example, the current 
usage situation of the content data (usage log) by using 
the information reference identifier ID and the password. 
[0541] The EMD service center 102 makes a query 
to, for example, a credit card company to check the iden- 
tity of the user, or to the user offline about the identity of 
himself/herself in the user registration. 
[0542] A description is now given of the process for 
storing the SAM registration list in the storage unit 192 
within the SAM 105^, as shown in Fig. 34. 
[0543] The SAM lOS^ shown in Fig. 1 obtains the 
SAM registration list of the SAMs lOSg through 1064, 
which are in the same system as the SAM 105^, by uti- 
lising a topology map created when a machine connect- 
ed to the bus 191, for example, an IEEE-1394 serial bus, 
is powered on, or when a new machine is connected to 
the bus 191. 

[0544] The topology map is created according to the 
bus 1 91 , not only for the SAMs 1 05^ through 1 064, but 
also for SCMS processing circuits lOSg and 1 05q of A/ 
V machines 1 6O5 and 1 60g which are also connected to 
the bus 191, as Illustrated in Fig. 58. Accordingly, the 
SAM lOS^ creates the SAM registration list shown in Fig. 
59 by extracting the information about the SAMs 105^ 
through 1064 from the topology map. 
[0545] The SAM 105^ then registers the SAM regis- 
tration list shown in Fig. 59 in the EMD service center 
102 so as to obtain the signature, 
[0546] The aforementioned processing is automati- 
cally executed by the SAM 1 05^ by utilizing the session 
of the bus 191, and the SAM 1 05^ issues the registration 
command of the SAM registration list to the EMD service 
center 102. 

[0547] Upon receiving the SAM registration list shown 
in Fig. 59 from the SAM 105^, the EMD service center 
1 02 checks the effective period, and also checks for the 
settlement function designated by the SAM 105-, during 
registration. The EMD service center 102 refers to the 
prestored revocation list {certificate revocation list 
(CRL)) shown in Fig. 60 and sets the revocation flag 
within the SAM registration list. The revocation list is a 
list of the SAMs which are prohibited from being used 
(have become invalid) due to illegal use. In perfonning 
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communication between the SAMs, each SAM checks 
the revocation list for whether the corresponding SAM 
has become invalid, in which case, the communication 
therebetween is discontinued. 

[0548] In settling the account, the EMD service center 
102 checks the SAM registration list of the SAM 105i 
for whether the SAMs described in the list are contained 
in the revocation list The EMD service center 102 also 
attaches the signature to the SAM registration list. 
[0549] As a result, the SAM registration list shown in 
Fig. 61 is created. 

[0550] The SAM revocation list is fonned for SAMs In 
the same system (i.e. , SAMs connected to the bus 191), 
and indicates whether each SAM is invalid according to 
a revocation flag for the corresponding SAM. 
[0551] The revocation list CRL is preferably updated 
automatically within the SAM according to, for example, 
updating data sent from the EMD service center 102 to 
the SAM. The security functions of the SAM are as fol- 
lows. 

[0552] As the security functions, the SAM possesses 
IP components of the encryption library, such as DES 
of the common key cryptosystem (Triple DES/advanced 
encryption standard (AES)), the elliptic curve cryptosys- 
tem of the public key cryptosystem (signature creation/ 
checking EC-DSA, common key creation EC-D. H.,and 
public key cryptosystem EC-Elgamal), compression 
function (hash function) SHA-1 , and a random-number 
generator (intrinsic random number). 
[0553] The public key cryptosystem (elliptic curve 
cryptosystem) is employed for mutual authentication, 
signature creation, signature checking, and common 
key (session key) creation (delivering). The common 
key cryptosystem (DES) is employed for encrypting and 
decoding the content, and compression functions (hash 
functions) are employed for message authentication in 
signature creation and checking. 
[0554] Fig. 62 illustrates the security functions of the 
SAM. There are two types of security functions man- 
aged by the SAM: (1) a security function in the applica- 
tion layer for encrypting and decoding the content, and 
(2) a security function in the physical layer for securing 
a communication path by performing mutual authentica- 
tion with another SAM. 

[0555] In the EMD system 100, the content data C to 
be distributed is wholly encrypted, and a key is pur- 
chased upon settling the account. Since the UCP data 
1 06 is sent together with the content data C according 
to the in-band system, it is managed in a layer independ- 
ent of the type of network medium. It is thus possible to 
provide a common rights processing system independ- 
ent of the type of communication path, such as a satel- 
lite, terrestrial waves, cable, radio, or a recording medi- 
um. For example, when the UCP data 106 Is inserted 
into the header of the protocol of the physical layer of a 
network, even for the same type of UCP data 106. it is 
necessary for each network to detennine where the 
header the UCP data 106 is inserted. 



[0556] In this embodiment, the content data C and the 
key file KF are encrypted for protection by the applica- 
tion layer. Mutual authentication may be performed in 
the physical layer, the transport layer, or the application 

5 layer. Integrating the encryption function into the phys- 
ical layer means integrating the encryption function into 
hardware. Mutual authentication is desirably performed 
in the physical layer since the main object of perfonning 
mutual authentication is to ensure a communication 

10 path between the sender and the receiver. In actuality, 
however, mutual authentication is often implemented in 
the transport layer while being independent of the trans- 
mission channel. 

[0557] The security functions of the SAM include mu- 

15 tual authentication for verifying the integrity of another 
SAM to communicate with, and encryption and decryp- 
tion (decoding) of content data which involves account- 
ing processing In the application layer 
[0558] Generally, mutual authentication between 

^0 SAMs for performing communication between ma- 
chines is implemented in the application layer. However, 
it may be implemented in another layer, such as the 
transport layer or the physical layer 
[0559] Mutual authentication to be implemented in the 

^5 physical layer utilizes 5C1394CP (content protection). 
According to 1394CP, M6, which is the common key 
cryptosystem, is implemented In the isochronous chan- 
nel of a 1394LINKIC (hardware). Mutual authentication 
(elliptic curve cryptosystem or common key cryptosys- 

30 tem using hash functions) is then perfonned with an 
asynchronous channel and the resulting session key is 
transferred to M6 of the isochronous channel. As a re- 
sult, the common key cryptosystem is implemented by 
M6. 

35 [0560] If mutual authentication between SAMs is im- 
plemented in hardware of the physical layer, the session 
key obtained by performing mutual authentication using 
the public key cryptosystem (elliptic curve cryptosys- 
tem) Is transferred to M6 of 1394LINKIC via the host 

40 CPU, thereby encrypting the content data C by using 
the above-described session key together with the ses- 
sion key obtained by 1394CP. 

[0561] If mutual authentication between SAMs is per- 
formed in the application layer, the content data C is en- 

45 crypted by utilizing the common key cryptosystem li- 
brary (DES/Triple DES/AES) within the SAM. 
[0562] In this embodiment, for example, mutual au- 
thentication between the SAMs is implemented in the 
application layer, and mutual authentication by 1394CP 

50 is implemented in the physical layer (hardware), such 
as 1394LINKIC. 

[0563] In this case, encryption and decryption (decod- 
ing) of the content data C which involves accounting 
processing is performed in the application layer How- 
55 ever, the application layer is easy to access by the user 
and may be analyzed unlimitedly. Accordingly, in this 
embodiment, accounting-related processing is execut- 
ed within high tamper-resistant hardware in which the 
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processing content is fully protected from being nnoni- 
tored from an external source. This is the major reason 
for implementing the SAM as high tarn per- resistant 
hardware. 

[0564] If accounting processing is executed within the 
host CPU, tamper-resistant software is implemented in 
the CPU. 

[0565] A description is now given, with reference to 
Fig. 63, of an example of implementation of various 
SAMs within, for example, the network device 160^ of 
the user home network 103 shown in Fig. 1 . 
[0566] The network device 160^ includes, as shown 
in Fig. 63, the host CPU 81 0^ , the SAM 1 051 , the down- 
load memory 167, the medium drive SAM 260, a drive 
CPU 1003, and a shock proof (anti-vibration) memory, 
such as a dynamic RAM (DRAM) 1004. 
[0567] Part of the download memory 1 67 and part of 
the shock proof memory 1 004 are used as a common 
memory, which can be accessed from both the SAM 
1 05i and the host CPU 81 0^ . 

[0568] The shock proof memory 1 004 stores the con- 
tent data C received via a data bus 1 002, and then out- 
puts it to the AA/ compression/decompression SAM 
163. This makes it possible to sequentially output the 
content data C to the AA/ compression/decompression 
SAM 163 even if the reading operation of the content 
data C from the recording medium 1 30 is interrupted due 
to, for example, vibrations. It is thus possible to effec- 
tively prevent the interruption of the playback operation 
of the content data C. 

[0569] The download memory 1 67 is connected to the 
host CPU bus 1000 via a module 1005 which consists 
of a memory controller and a bus arbiter/bridge. 
[0570] Fig. 64 illustrates the detailed configuration of 
the module 1 005 and the peripheral circuits. The module 
1005 includes, as shown in Fig. 64, a controller 1500 
and a bus arbiter/bridge 1501. 

[0571] The controller 1500 serves as a DRAM inter- 
face (i/F) when a DRAM is used as the download mem- 
ory 1 67, and has a read/write (r/w) line, an address bus, 
a CAS line, and a RAS line to communicate with the 
download memory 167. 

[0572] The bus arbiter/bridge 1501 conducts arbitra- 
tion of the host CPU bus 1000, and has a data bus to 
communicate with the download memory 167, and also 
has a r/w line, an address bus, a ready line, and has a 
chip select (CS) line, a r/w line, an address bus, a data 
bus, and a ready line to communicate with the SAM 
105^. The bus arbiter/bridge 1501 is connected to the 
host CPU bus 1000. 

[0573] The bus arbiter/bridge 1501, the host CPU 
810^, and the SAM 1 05., are connected to the host CPU 
bus 1 000. The host CPU bus 1 000 has a CS line, a r/w 
line, an address bus, a data bus. and a ready line. 
[0574] The download memory 167 and the shock 
proof memory 1 004 store the above-described content 
f ile CF and the key file KF. The storage area of the shock 
proof memory 1 004 other than the storage area used as 



the common memory is employed for temporarily stor- 
ing the content data C received from the medium drive 
SAM 260 via the data bus 1 002 until the content data C 
is output to the A/V compression/decompression SAM 
5 163. 

[0575] The A/V compression/decompression SAM 
163 transfers data to the download memory 167 via the 
host CPU bus 1000, and also transfers data to the me- 
dium drive SAM 260 via the data bus 1 002. 
10 [0576] Not only the download memory 167, but also 
the SAM 105^, the A/V compression/decompression 
SAM 163, and a DMA 1010, are connected to the host 
CU bus 1000. 

[0577] The DMA 1010 centrally controls access to the 
15 download memory 167 via the host CPU bus 1000 ac- 
cording to a command from the host CPU 810^. 
[0578] The host CPU bus 1000 is also employed for 
communication with the other SAMs, i.e., the SAMs 
lOSg through 1064, within the user home network 103 
20 by using a 1394-serial interface link layer. 

[0579] The drive CPU 1003, the medium drive SAM 
260, an RF amplifier 1006, a medium SAM interface 
1007, and a DMA 1011 are connected to a drive CPU 
bus 1001. 

25 [0580] The drive CPU 1003 centrally controls access 
to the disk-type recording medium 130 according to a 
command from the host CPU 81 0^ . In this case, the host 
CPU 810., serves as a master, while the drive CPU 1003 
serves as a slave. The drive CPU 1003 is handled as 

30 an I/O as viewed from the host CPU 81 0^ . 

[0581 ] The drive CPU 1 003 encodes and decodes da- 
ta in accessing to the recording medium (RAM) 130. 
[0582] When the recording medium (RAM) 1 30 is set 
in a drive, the drive CPU 1003 detemnines whether the 

35 recording medium 130 is suitable for the SAM 105^ 
(EMD system 100) (i.e., whether rights processing can 
be safely performed on the recording medium 130 by 
the SAM 105^). If so, the drive CPU 1003 reports the 
corresponding information to the host CPU 81 0^ and al- 

40 so instructs the medium drive SAM 260 to perfomri mu- 
tual authentication with the medium SAM 133. 
[0583] The medium SAM interface 1 007 serves as an 
interface for access to the medium SAM 133 of the re- 
cording medium 130 via the drive CPU bus 1 001 . 

45 [0584] TheDMAIOII centrally controls access to the 
shock proof memory 1004 via the drive CPU bus 1001 
and the data bus 1 002 according to a command from 
the drive CPU 1003. The DMA 1011 controls, for exam- 
ple, data transfer between the medium drive SAM 260 

50 and the shock proof memory 1004 via the data bus 
1002. 

[0585] According to the configuration shown in Fig. 
63, for example, in performing communication, such as 
mutual authentication between the SAM 1051 and the 
55 medium SAM 133 of the recording medium 130, data 
transfer is conducted therebetween via the host CPU 
bus 1000, the host CPU 810-,, a register within the drive 
CPU 1003, the drive CPU bus 1001, and the medium 
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SAM interface 1007 based on the control of the host 
CPU 810i. 

[0586] In accessing the recording medium 130, mu- 
tual authentication is conducted between the medium 
drive SAM 260 and the medium SAM 133. 
[0587] In compressing or decompressing data in the 
AA/ compression/decompression SAM 163 in order to 
access the download memory 167 or the shock proof 
memory 1004, as discussed above, mutual authentica- 
tion is performed between the SAM 105^ and the AN 
compression/decompression SAM 163. 
[0588] In this embodiment, in Fig. 63, the SAM 105^ 
and the AA/ compression/decompression SAM 163 are 
handled as devices connected to the I/O interface, as 
viewed from the host CPU 81 0^. Communication and 
data transfer of the SAM 1 05 1 and the AA/ compression/ 
decompression SAM 1 63 with the host CPU 81 0^ is per- 
formed under the control of a memory I/O and address 
decoder 1020. In this case, the host CPU 810^ serves 
as a master, while the SAM 1 05^ and the A/V compres- 
sion/decompression SAM 163 serve as slaves. The 
SAM 1051 and the A/V compression/decompression 
SAM 163 execute processing instructed by the host 
CPU 810^, and reports the results to the host CPU 81 0^ 
if necessary. 

[0589] The medium SAM 133 and the medium drive 
SAM 260 are handled as devices connected to the I/O 
interface, as viewed from the drive CPU 1 003. Commu- 
nication and data transfer of the medium SAM 133 and 
the medium drive SAM 260 with the drive CPU 1003 is 
perfomned under the control of a memory I/O and ad- 
dress decoder 1021. In this case, the drive CPU 1003 
serves as a master, while the medium SAM 1 33 and the 
medium drive SAM 260 serve as slaves. The medium 
SAM 133 and the medium drive SAM 260 execute 
processing instructed by the drive CPU 1003 and re- 
ports the results to the drive CPU 1003 if necessary. 
[0590] Access control to the content file CF and the 
key file KF stored in the download memory 167 and the 
shock proof memory 1004 may be centrally performed 
by the SAM 105^. Alternatively, access control to the 
content file CF may be performed by the host CPU 81 0^, 
and access control to the key file KF may be perfomned 
by the SAM 105^. 

[0591] The content data C read from the recording 
medium 130 by the drive CPU 1003 is stored in the 
shock proof memory 1 004 via the RF amplifier 1 006 and 
the medium drive SAM 260, and is then decompressed 
in the A/V compression/decompression SAM 163. The 
decompressed content data is converted into analog da- 
ta in a digital-to-analog (D/A) converter, and sound 
based on the converted analog signal is output from a 
speaker. 

[0592] In this case, the shock proof memory 1 004 may 
temporarily store the content data C consisting of a plu- 
rality of tracks, which are non-continuously read from 
storage areas discretely located in the recording medi- 
um 1 30, and then continuously output the content data 



C to the A/V compression/decompression SAM 1 63. 
[0593] The master-slave relationships of the various 
SAMs within the user home network 103 shown in Fig. 
63 are described below. 

5 [0594] For example, when the content data C, for 
which the purchase mode is determined, is recorded on 
the recording medium 1 30, as shown in Fig, 65, the host 
CPU 81 0^ outputs an internal interrupt to instruct the 
SAM 105^, which serves as an I/O device, to determine 

^0 the purchase mode of the content data C, and also to 
perform mutual authentication with the medium SAM 
133 of the recording medium 130, thereby recording 
content data C on the recording medium 130. 
[0595] In this case, the host CPU 810^ serves as a 

^5 master, while the SAM 105^ and the recording medium 
1 30 serve as slaves. The recording medium 1 30 is han- 
dled as an I/O device as viewed from the host CPU 81 0^ . 
[0596] In response to the internal Interrupt from the 
host CPU 81 0i, the SAM 105^ communicates with the 

20 medium SAM 133 to determine the purchase mode of 
the content data C and also writes predetermined key 
data, such as the content key data Kc, into the medium 
SAM 133. Upon completion of this processing, the SAM 
105^ reports the processing result to the host CPU 81 

25 through an external interrupt or by polling of the host 
CPU 810-,, 

[0597] In playing back the content data C, for which 
the purchase mode is determined, recorded on a record- 
ing medium, an instruction to play back the content data 

30 c is given, as illustrated in Fig. 66, from the host CPU 
81 Oi to the SAM 105^ through an Internal interrupt. 
[0598] In response to the internal interrupt, the SAM 
105i reads a key data block, such as the key file KF, 
from the medium SAM 133 of the recording medium 

35 1 30, and executes processing for playing back the con- 
tent data C based on the UCS data 166 stored in the 
key data block. 

[0599] The SAM 105^ outputs an internal interrupt to 
instruct the /W compression/decompression SAM 163 
^0 to decompress the content data C read from the record- 
ing medium 130, 

[0600] Upon receiving the internal Interrupt from the 
SAM 105-,, the NV compression/decompression SAM 
163 descrambles the content data C read from the re- 

45 cording medium 130, embeds and detects the digital 
watermark Intonnation, and decompresses the content 
data. Then, the A/V compression/decompression SAM 
163 outputs the processed content data C to the D/A 
converter so as to play back the content data C. 

50 [0601 ] After completion of the playback operation , the 
A/V compression/decompression SAM 163 reports the 
corresponding information to the SAM 105-,. 
[0602] Upon receiving the above-described informa- 
tion, the SAM 105., reports it to the host CPU 810., via 

55 an external interrupt. 

[0603] In this case, In the relationship between the 
host CPU 81 0^ and the SAM 1 05., , the host CPU 81 0^ 
serves as a master, while the SAM 105, serves as a 
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slave. In the relationship between the SAM 1 05^ and the 
AA/ compression/decompression SAM 163, the SAM 
105^ serves as a master, while the AA/ compression/ 
decompression SAM 163 serves as a slave. 
[0604] Although in this embodiment the A/V compres- 
sion/decompression SAM 1 63 is the slave for the SAM 
105^, it may be a slave for the host CPU 81 0^ 
[0605] If the content data recorded on the recording 
medium 130 is played back without performing rights 
processing of the content data, as shown in Fig. 67, the 
host CPU 810^ outputs an intemal interrupt to instruct 
the A/V compression/decompression SAM 1 63 to exe- 
cute playback processing. The host CPU 81 0^ also out- 
puts an internal interrupt to instruct the medium drive 
SAM 260 to read the content data from the recording 
medium 130. 

[0606] Upon receiving the intemal intenrupt, the me- 
dium drive SAM 260 decodes the content data read from 
the recording medium 130 in the decoder, and then 
stores it in the shock proof memory 1004. Upon com- 
pletion of this processing, the medium drive SAM 260 
reports the corresponding information to the host CPU 
810 through an external interrupt. 

[0607] The content data stored in the shock proof 
memory 1004 is read into the /W compression/decom- 
pression SAM 163, and undergoes processing, such as 
descrambling, embedding and detecting digital water- 
mark infomnation, and decompressing, and is then 
played back via the D/A converter. 
[0608] Upon completion of this processing, the A/V 
compression/decompression SAM 163 reports this in- 
formation to the host CPU 81 0^ through an extemal in- 
terrupt. 

[0609] In this case, the host CPU 81 0^ serves as a 
master, while the A/V compression/decompression 
SAM 163 and the medium drive SAM 163 serve as 
slaves. 

[0610] Circuit modules for implementing the above- 
described functions of the SAMs within the user home 
network 1 03 are discussed below. 
[061 1 ] As discussed above, the SAMs with in the user 
home network 1 03 Include the SAMs 1 05 (1 05., through 
1064) for performing rights processing (profit distribu- 
tion), such as determining the purchase mode, the me- 
dium SAM 133 disposed in a recording medium, the A/ 
V compression/decompression SAM 163, and the me- 
dium drive SAM 260. Circuit modules provided for the 
above-described SAMs are as follows. 

Example of rights processing SAM 

[0612] Fig. 68 illustrates a circuit module for a rights 
processing SAM 105a. 

[0613] The SAM 105a is tamper-resistant hardware 
(equivalent to a circuit module of the present Invention) 
including, as shown in Fig. 68, a CPU 1100, a DAM 1101, 
a MMU 1102, an I/O module 1103, a mask ROM 1104. 
a non-volatile memory 1105, a work RAM 1106, a public 



key encryption module 1107, a common key encryption 
module 1 1 08, a hash function module 1 1 09, an (intrinsic) 
random-number generator 1 1 1 0, a real time clock mod- 
ule 1111, and an external bus l/F 111 2. 

5 [0614] The relationship between the elements of the 
rights processing SAM 105a and those of the present 
invention is as follows. The CPU 1100 corresponds to 
an arithmetic processing circuit. The mask ROM 1104, 
the non-volatile memory 1 1 05, and the work RAM 1 1 06 

10 correspond to a storage circuit. The common key en- 
cryption module 1108 corresponds to an encryption 
processing circuit. The external bus l/F 1112 corre- 
sponds to an external bus interface. 
[0615] As will be discussed below with reference to 

15 Fig. 69, intemal buses 1120 and 1121 correspond to a 
first bus of the present invention, and an extemal bus 
1 1 23 corresponds to a second bus of the present inven- 
tion. 

[0616] The internal bus 1120 also corresponds to a 
20 third bus, and the internal bus 1 121 also corresponds to 
a fourth bus. 

[0617] The extemal bus l/F 1 1 1 2 corresponds to a first 
interface circuit, and a bus l/F circuit 1116 corresponds 
to a second interface circuit. 
25 [0618] An internal bus 11 22 corresponds to a fifth bus, 
an I/O modute'corresponds to a third interface circuit, 
and a bus l/F circuit 1117 corresponds to a fourth inter- 
face circuit. 

[0619] A brief description of the relationship between 

30 the function module of the SAM 105-, shown in Fig. 30 
and the circuit module shown in Fig. 68 is given below. 
[0620] The CPU 1100 executes, for example, pro- 
grams stored in the mask ROM 1 1 04 and the non-vola- 
tile memory 1105, so as to implement the functions of 

35 the CPU 1100, the accounting processor 187, and the 
usage monitor 186 shown in Fig. 30. 
[0621 J The DMA 1 1 01 centrally controls access to the 
download memory 167 shown in Fig. 22 and the storage 
unit 192 shown in Fig. 30 in response to a command 

40 from the CPU 1100. 

[0622] The MMU 1 1 02 manages the address spaces 
of the download memory 1 67 shown in Fig. 22 and the 
storage unit 192 shown in Fig. 30. 
[0623] The I/O module 1103 Implements part of the 

45 functions of the medium SAM manager 197 shown in 
Fig. 30. 

[0624] The mask ROM 1104 stores fixed programs 
and data, such as an initializing program and an integrity 
check program for the SAM 105a, when manufacturing 

50 the SAM 105^, and implements part of the functions of 
the storage unit 192 shown in Fig. 30. 
[0625] The non-volatile memory 1 1 05 stores variable 
programs and data, such as encryption programs and 
key data, and implements part of the functions of the 

55 storage unit 192 shown in Fig. 30. 

[0626] The work RAM 1106 corresponds to the work 

memory 200 illustrated in Fig. 30. 

[0627] The public key encryption module 1 1 07 imple- 
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ments part of the functions of the signature processor 
1 89 illustrated in Fig. 30, and is used for performing mu- 
tual authentication with the medium SAM 1 33 according 
to the public key cryptosystem, creating signature data 
of the SAM 105, checking signature data (of the EMD 
service center 1 02, the content provider 1 01 , and, in the 
second embodiment, the service provider 31 0), encryp- 
tion and decryption of a small amount of data (such as 
the key file KF) to be transferred, and sharing a key. The 
public key encryption module 1 1 07 may be implemented 
as a circuit module (hardware (H/W) IP solution), or may 
be implemented by executing a public key encryption 
program stored in the non-volatile memory 1105 by the 
CPU 1100 (software (S/W) IP solution). 
[0628] The common key encryption module 1108 im- 
plements part of the functions of the signature processor 
1 89 and the encryption/decryption (decoding) units 1 71 , 
1 72, and 1 73, and is used for perfomning mutual authen- 
tication and encrypting and decrypting data by using the 
session key data Kses obtained by mutual authentica- 
tion. The common key cryptosystem realizes much fast- 
er processing than the public key cryptosystem, and is 
thus used for, for example, encrypting and decrypting a 
large amount of content data (content file CF) . The com- 
mon key encryption module 1108 may be implemented 
as a circuit module (H/W IP solution), or may be imple- 
mented by executing the common key encryption pro- 
gram stored in the non-volatile memory 1105 by the 
CPU 1100 (S/W IP solution). 

[0629] Mutual authentication is achieved by encryp- 
tion and decryption of one or both of the public key en- 
cryption module 1107 and the common key encryption 
module 1108. 

[0630] The common key encryption module 1108 de- 
codes the content key data Kc with the license key data 
KD. 

[0631] The hash function module 1109 implements 
part of the functions of the signature processor 189 
shown in Fig. 30, and is used for generating hash values 
of data for which signature data is to be created. More 
specifically, the hash function module 1109 is used for 
checking the signature data of the content provider 1 01 
and the EMD service center 1 02, and also checking the 
hash value of the key file KF^ of the secure contain- 
er 104x illustrated in Figs. 44A through 44D. The hash 
function module 1109 may be implemented as a circuit 
module (H/W IP solution), or may be implemented by 
executing a hash circuit module program stored in the 
non-volatile memory 1 1 05 by the CPU 1 1 00 (S/W IP so- 
lution). 

[0632] The random-number generator 1110 imple- 
ments part of the functions of the mutual authentication 
unit 170 illustrated in Fig. 30. 

[0633] The realtimeclock module 11 11 generates real 
time, which is used for selecting the license key data KD 
with an effective period, or determining whether the re- 
quirements of an effective period indicated by the UCS 
data 1 66 are satisfied. 
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[0634] The external bus l/F 1112 implements part of 
the functions of the content provider manager 1 80, the 
download memory manager 182, and the EMD service 
center manager 185 shown in Fig. 30. 
5 [0635] Fig. 69 illustrates the hardware configuration 
within the SAM 105a. In Fig. 69, the same elements as 
those shown in Fig. 68 are designated with like refer- 
ence numerals. 

[0636] As shown in Fig. 69, within the SAM 1 05a, the 
10 CPU 1100, the mask ROM 1104, and the non-volatile 
memory 1 1 05 are connected to each other via the SAM/ 
CPU bus 1120. 

[0637] The DMA 1 1 01 is connected to the internal bus 
1121. An |2C interface 1130, a medium SAM interface 
15 1131, a Memory Stick (MS) interface 1132, and an IC 
card interface 1133 are connected to the internal bus 
1122. 

[0638] The medium SAM interface 1131 transfers and 
receives data to and from the medium SAM 133 of the 
20 recording medium 130. The MS interface 1132 transfers 
and receives data to and from a memory stick 1 140. The 
IC card interface 1 1 33 transfer and receives data to and 
from an IC card 1141. 

[0639] The public key encryption module 1107, the 
25 common key encryption module 1108, the hash function 
module 1109, the random-number generator 1110, the 
real time clock module 1111, the external bus l/F 1112, 
and an external memory l/F 1142 are connected to the 
external bus 1123. 
30 [0640] The host CPU bus 1000 shown in Fig. 63 is 
connected to the external bus l/F 1 11 2. and the external 
memory 201 shown in Fig. 63 is connected to the exter- 
nal memory l/F 1142. 

[0641] The SAM/CPU bus 1 120 and the internal bus 
35 1121 are connected via the bus interface 1116. The in- 
ternal buses 1122 and 1121 are connected via the bus 
interface 1117. The internal bus 1121 and the external 
bus 1123 are connected via a bus interface 1115. 
[0642] The above-described SRAM 1155 and the 
40 SAM status register 1 1 56 are stored in the bus interface 
1115. 

[0643] As stated above, the SAM status register 1 1 56 
has the first SAM status register 1156a and the second 
SAM status register 1156b. A flag indicating the status 

45 of the SAM 1051 read by the host CPU 81 0^ is set in 
the first SAM status register 1156a. A flag indicating 
whether a request to execute a task has been output 
from the host CPU 81 0^ is set in the second SAM status 
register 1 1 56b, and this flag is read from the CPU 1 1 00 

50 of the SAM 105^. 

[0644] The DMA 1101 centrally controls the mask 
ROM 1 1 04, the non-volatile memory 1 1 05, and the work 
RAM 1106 via the internal bus 1121 in response to a 
command from the CPU 1100. 

55 [0645] AMMU 1113 manages memory spaces of the 
mask ROM 1104, the non-volatile memory 1105, the 
work RAM 1 1 06, and the download memory 1 67 shown 
in Fig. 63. 
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[0646] An address decoder 1114 performs address 
conversion when data is transferred between the inter- 
nal bus 1121 and the external bus 1123. 
[0647] A writing lock control circuit 1 1 35 controls writ- 
ing and erasing of each block of data into and from a 
flash ROM based on the lock key data of the CPU 11 00. 
[0648] The address space of the rights processing 
SAM 1 05a is described below. 

[0649] Fig. 70 illustrates the address space of the 
rights processing SAM 105a. The address space con- 
tains: starting from the start address, a boot program, 
the system configuration, a flash ROM, predetermined 
programs, a device driver for the flash ROM, a device 
driver for a non-volatile memory, the work RAM 1106 
shown in Fig. 69, predetermined progranns, the SRAM 

1155 shown in Fig. 69, the external memory 201, 
Key_TOC/File_System, a SAM registration list, the us- 
age log data 1 08, a register for the common key encryp- 
tion module 1108 shown in Fig. 69, a register for the pub- 
lic key encryption module 1107 shown in Fig. 69, a reg- 
ister for the hash function module 1109 shown in Fig. 
69, a register for the random-number generator 1110 
shown in Fig. 69, a register for the real time clock module 
1111 shown in Fig. 69, a current time register, an effec- 
tive period register, a control register, an IC card inter- 
face, a medium SAM interface, a Memory Stick inter- 
face, and an |2c bus interface. 

[0650] In the field of the address space assigned to 
the system configuration, the DMA 1101 and the SAM 
status register 1156 shown in Fig. 69 are stored. 
[0651] In the field of the address space assigned to 
the flash ROM, a main routine (kernel), interrupt pro- 
grams, sub-routines called by the interrupt programs, a 
command analyzer (table indicating the relationship be- 
tween the commands and start addresses of the inter- 
rupt programs), and an interrupt vector table are stored. 
[0652] In the address space of the SAM 1 05a illustrat- 
ed in Fig. 70, the SAM status register 1156 and the 
SRAM 1155 are used as common memory spaces with 
the host CPU 810. 

[0653] The address space of the host CPU 810^ 
shown in Fig. 63 is described below with reference to 
Fig. 71. 

[0654] The address space of the host C PU 81 0^ con- 
tains, as shown in Fig. 71 , starting from the start ad- 
dress, a boot program, the system configuration, a code 
ROM, a data ROM, a work RAM, a common memory 
shared with the SAM 105-, shown in Fig. 63, a common 
memory shared with the AA/ compression/decompres- 
sion SAM 163 shown in Fig. 63, a common memory 
shared with the medium drive SAM 260 shown in Fig. 
63, and external devices. 

[0655] The SRAM 1155 and the SAM status register 

1156 shown in Fig. 69 are assigned to the common 
memory shared with the SAM 105^ shown in Fig. 63. 



Another example of rights processing SAM 

[0656] Fig. 72 illustrates a circuit module of a rights 
processing SAM 105b. In Fig. 72, the same elements 
5 as those shown in Fig. 69 are designated with like ref- 
erence numerals. 

[0657] The SAM 1 05b is fomned of, as shown in Fig. 
72, a secure memory 105ba, a host CPU 810, tamper- 
resistant software 1130, and an I/O module 1103. 

10 [0658] In the SAM 105b, the tamper- resistant soft- 
ware 1130 is executed by the host CPU 810 so as to 
implement the same function as the CPU 1100 shown 
in Fig. 68. As stated above, the tamper-resistant soft- 
ware 1130 is software in which the processing is totally 

15 shielded from an external source, and is difficult to be 
analyzed or overwritten. 

[0659] The secure memory 1 05ba is tamper-resistant 
hardware including a mask ROM 1104, a non-volatile 
memory 1105, a work RAM 1106, a public key encryp- 
tion module 1107, a common key encryption module 
1108, a hash function module 1109, an (intrinsic) ran- 
dom-number generator 1110, a real time clock module 
1111, and an external bus l/F 1112. 
[0660] The public key encryption module 1107, the 

25 common key encryption module 1108, and the hash 
function module 1109 may be implemented as a circuit 
module (H/W IP solution), or may be implemented by 
executing a public key encryption program, a common 
key encryption program, and a hash function program, 

30 respectively, stored In the non-volatile memory 1 1 05 by 
the host CPU 810 (S/W IP solution). 
[0661] An example of the configuration of the above- 
described medium SAM 133 is as follows. Fig. 73 illus- 
trates a circuit module of the medium SAM 133. 

35 [0662] The medium SAM 133 is tamper-resistant 
hardware including, as shown in Fig. 73, a CPU 1200, 
a DMA 1201 , an I/O module 1203, a mask ROM 1204, 
a non-volatile memory 1 205, a work RAM 1 206, a public 
key encryption module 1207, a common key encryption 

40 module 1 208, a hash function module 1 209, and an (in- 
trinsic) random-number generator 1210. 
[0663] The CPU 1200 controls the individual circuits 
within the tamper- resistant hardware. 
[0664] The work RAM 1206 corresponds to the work 

45 memory 200 shown in Fig. 30. 

[0665] The public key encryption module 1 207 is used 
for perfomning operations according lo the public key 
cryptosystem, for example, (1) perfonning mutual au- 
thentication with the SAM 105^ and the drive CPU 1003 

50 shown in Fig. 63, (2) creating signature data of the me- 
dium SAM 133a and checking signature data (of the 
EMD service center 102, the content provider 101 , and 
in the second embodiment, the service provider 310), 
(3) encrypting and decrypting a small amount of data to 

55 be transferred, and (4) sharing the session key data 
Kqes obtained by mutual authentication. The public key 
encryption module 1107 may be implemented as a cir- 
cuit module (H/W IP solution), or may be implemented 
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by executing the public key encryption program stored 
in the non-volatile memory 1205 by the CPU 1200 (S/ 
W IP solution). 

[0666] The common key encryption module 1208 is 
used for perfomnlng mutual authentication and for en- 
crypting and decrypting data, such as the key files KF 
and KFi by using the session key data Kqes obtained 
by perfomning mutual authentication. The common key 
encryption module 1108 may be implemented as a cir- 
cuit module (H/W IP solution), or may be implemented 
by executing the common key encryption program 
stored in the non-volatile memory 1205 by the CPU 
1200 (S/W IP solution). 

[0667] Mutual authentication can be realized by en- 
crypting and decrypting by one or both of the public key 
encryption module 1207 and the common key encryp- 
tion module 1208. 

[0668] The hash function module 1209 is used for 
generating hash functions of data. More specifically, the 
hash function module 1 209 is used for verifying the hash 
value of the key file KF^ of the secure container 
104x shown in Figs. 44A through 44D. The hash func- 
tion module 1 1 09 may be implemented as a circuit mod- 
ule (H/W IP solution), or may be implemented by exe- 
cuting the hash circuit module stored in the non-volatile 
memory 1205 by the CPU 1200 (S/W IP solution). 
[0669] The random-number generator 1210 is used 
for performing, for example, mutual authentication. 
[0670] The I/O module 1203 is used for performing 
communication with the medium SAM l/F 1007 shown 
in Fig. 63. 

[0671] The mask ROM 1204 stores fixed programs 
and data, such as an initializing program and an integrity 
check program for the medium SAM 133, when being 
shipped. 

[0672] The non-volatile memory 1205 stores variable 
programs and data, such as encryption programs and 
key data. 

[0673] Fig. 74 illustrates data stored In the mask ROM 
1204 and the non-volatile memory 1205 when shipping 
the medium SAM 133 to be installed in a recording me- 
dium (ROM). 

[0674] When shipping the recording medium (ROM), 
the medium SAM 133 stores, as shown in Fig. 74, an 
identifier (ID) of the medium SAM, storage key data 
^STR (medium key data K^^^, public key data K^scp 
of the EMD service center 102, public key data Kr.q^^ p 
of the root certifying authority 92, public-key certificate 
data CER^sAM of the medium SAM 133, public key data 
•^MSAM.P of the medium SAM 133, private key data 
KsAM.s of t^^e medium SAM 1 33, a revocation list, rights 
processing data, an entity ID which receives profits, the 
type of medium (medium type infonnation and informa- 
tion specifying either a ROM or a RAM), physical ad- 
dress information (register space address) of the key 
files KF, the key file KF of each content data C (content 
file CF) , and predetermined check values (MAC values). 
[0675] The physical address information (register 



space address) of the key files KF, the key file KF of 
each content data C (content file CF), and the predeter- 
mined check values (MAC values) are encrypted with 
the license key data KD managed by the EMD service 
5 center 102. 

[0676] Fig. 75 illustrates data stored in the mask ROM 
1 204 and the non-volatile memory 1 205 when user reg- 
istration is conducted and the purchase mode is deter- 
mined after the medium SAM 133 to be installed in a 
10 recording medium (ROM) has been shipped. 

[0677] As shown in Fig. 75, a user ID, a password, 
favorite information, settlement information (for exam- 
ple, a credit card number), electronic money informa- 
tion, a key file KF^, etc. are newly added to the medium 
15 SAM 1 33 by the user registration. 

[0678] Fig. 76 illustrates data stored in the mask ROM 
1204 and the non-volatile memory 1205 when the me- 
dium SAM 133 to be Installed In a recording medium 
(RAM) is shipped. 

^0 [0679] As illustrated in Fig. 76, when shipping the re- 
cording medium (RAM), the medium SAM 1 33 stores an 
identifier (ID) of the medium SAM 133, recording key 
data KsTR (medium key data K^ed)' Public key data 
Kggc.p of the EMD service center 102, public key data 
Kr-ca,p of the root certifying authority 92, public-key cer- 
tificate data CER^^sAM of the medium SAM 133, public 
key data K^sam.p of the medium SAM 133, private key 
data K^sAM.s of ^^e medium SAM 133, a revocation list, 
rights processing data, an entity ID which receives prof- 

30 its, and the type of medium (medium type information 
and information specifying either a ROM or a RAM). 
However, physical address information (register space 
address) of the key files KF, key files KF and KF^ of each 
content data C (content file CF), and predetennined 

35 check values (MAC values) are not stored. 

[0680] Fig. 77 illustrates data stored in the mask ROM 
1 204 and the non-volatile memory 1 205 when user reg- 
istration is conducted and the purchase mode is deter- 
mined after the medium SAM 133 to be installed in a 

^0 recording medium (RAM) has been shipped. 

[0681] As illustrated in Fig. 77, in addition to a user 
ID, a password, favorite information, settlement infor- 
mation (for example, a credit card number), and elec- 
tronic money information, physical address information 

45 (register space address) of the key files KF, the key files 
KF and KF., of each content data C (content file CF), 
and predetennined values (MAC values) are newly writ- 
ten into the medium SAM 133 by the user registration. 
[0682] The physical address infomnation (register 

50 space address) of the key file KF, the key files KF and 
KF^ of each content data C (content file CF), and the 
predetermined values (MAC values) are encrypted with 
the storage key data Kstr- 

/W compression/decompression SAM 163 

[0683] The A/V compression/decompression SAM 
163 implements, for example, the functions shown in 
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Fig. 22. 

[0684] Fig. 78 illustrates a circuit module of the A/V 
compression/decompression SAM 163. 
[0685] The AA/ compression/decompression SAM 
163 is tamper-resistant hardware including, as shown 
in Fig. 78, a CPU/DSP 1300, a DMA 1 301 , a mask ROM 
1304, a non-volatile memory 1305, a work RAM 1306, 
a common key encryption module 1308, an (intrinsic) 
random-number generator 1310, a compression/de- 
compression module 1320, a digital watermark embed- 
ding/detecting module 1321, and a partial-information 
disclosing control module 1322. 
[0686] The CPU/DSP 1300 centrally controls the in- 
dividual circuit modules within the A/V compression/de- 
compression SAM 1 63 by executing programs stored in 
the mask ROM 1304 and the non-volatile memory 1305 
in accordance with a command, for example, from the 
SAM 105-, shown in Fig. 63. 

[0687] The DMA 1 301 centrally controls access to the 
mask ROM 1304, the non-volatile memory 1305, and 
the work ROM 1306 in accordance with a command 
from the CPU/DSP 1300. 

[0688] When the A/V compression/decompression 
SAM 163, the mask ROM 1304 stores fixed programs, 
such as an inttializing program and an integrity check 
program for the A/V compression/decompression SAM 
163, and fixed data, such as an identifier AVSAM_ID of 
the A/V compression/decompression SAM 163. 
[0689] The non-volatile memory 1305 stores variable 
programs and data, such as an encryption program and 
key data. 

[0690] The work RAM 1306 stores the key file KF re- 
ceived from the SAM 105^. 

[0691] The common key encryption module 1308 is 
used for conducting mutual authentication and for en- 
crypting and decrypting the content data C and the con- 
tent key data Kc by using the session key data Kses 
obtained by mutual authentication. The common key en- 
cryption module 1308 may be implemented as a circuit 
module (H/W IP solution) or may be implemented by ex- 
ecuting the common key encryption program stored in 
the non-volatile memory 1305 by the CPU/DSP 1300 
(S/W IP solution). The common key encryption module 
1 308 also decrypts the content data C by using the con- 
tent key data Kc obtained from the SAM ^05^. 
[0692] The (intrinsic) random-number generator 1 31 0 
is used for performing mutual authentication with, for ex- 
ample, the SAM 105^. 

[0693] The compression/decompression module 
1320 implements the functions of, for example, the de- 
compression unit 223 shown in Fig. 22. More specifical- 
ly, the compression/decompression module 1320 de- 
compresses the content data received from the down- 
load memory 167 and the shock proof memory 1004 
shown in Fig. 63, and compresses the content data re- 
ceived from the fiJD converter. 

[0694] The digital watemnark embedding/detecting 
module 1321 implements the functions of the digital-wa- 



termark infomnation processor 224 shown in Fig. 22. For 
example, the digital watermark embedding/detecting 
module 1321 embeds predetemnined digital watermark 
infomnation into the content data to be processed by the 
5 compression/decompression module 1320 and detects 
the digital watemnark information embedded into the 
content data, that is, it determines whether the process- 
ing executed by the compression/decompression mod- 
ule 1320 is suitable. 
10 [0695] The partial-information disclosing control mod- 
ule 1322 implements the partially disclosing processor 
225 shown in Fig. 22, and plays back the content data 
according to the playback mode. 



[0696] Fig. 79 illustrates a circuit module of the medi- 
um drive SAM 260. 

[0697] The medium drive SAM 260 is tamper-resist- 
20 ant hardware including, as illustrated in Fig. 79, a CPU 
1400, a DMA 1401, a mask ROM 1404, a non-volatile 
memory 1405, a work RAM 1406, a common key en- 
cryption module 1408, a hash function module 1409, an 
(intrinsic) random-number generator 1410, an encode/ 
25 decoder module 1420. a storage- key-data generating 
module 1430, and a medium-unique-ID generating 
module 1440. 

[0698] The CPU 1400 executes programs stored in 
the mask ROM 1 404 and the non-volatile memory 1 405 

30 in accordance with a command from the drive CPU 1003 
shown in Fig. 63, and centrally controls the individual 
circuit modules within the medium drive SAM 260. 
[0699] The DMA 1 401 centrally controls access to the 
mask ROM 1404, the non-volatile memory 1405, and 

35 the work RAM 1 406 in accordance with a command from 
the CPU 1400. 

[0700] When the medium drive SAM 260 is shipped, 
the mask ROM 1404 stores fixed programs, such as an 
initializing program and an integrity check program for 
40 the medium drive SAM 260, and fixed data, such as 
identifier MDSAM_ID of the medium drive SAM 260. 
[0701 ] The non-volatile memory 1 405 stores variable 
programs and data, such as encryption programs and 
key data. 

45 [0702] The work RAM 1 406 serves as a work memory 
for executing various processing. 
[0703] The common key encryption module 1408 is 
used for performing mutual authentication between the 
medium SAM 133 and the A/V compression/decom- 

50 pression SAM 163, and for encrypting and decrypting 
the content file CP and the key file KF by using the ses- 
sion key data Kqes* which is a common key obtained by 
mutual authentication, and also for encrypting the con- 
tent key data Kc using the storage key data KgyR and 

55 the medium key data Kmed- '^^^ common key encryp- 
tion module 1408 verifies signature data and creates 
signature data by using the common key data and the 
hash values of data, for which signature data is to be 
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created. 

[0704] The common key encryption module 1 408 may 
be implemented as a circuit module (H/W IP solution), 
or may be implemented by executing the common key 
encryption program stored in the non-volatile memory 
1405 by the CPU 1400 (S/W IP solution). 
[0705] Encryption of the content key data Kc by using 
the storage key data Kstr nnay be performed by either 
the common key encryption module 1 408 of the medium 
drive SAM 260 or the medium SAM module 133. 
[0706] The hash function module 1 409 is used for ver- 
ifying signature data and for generating hash values of 
data, for which signature data is to be created. 
[0707] The (intrinsic) random-number generator 1 41 0 
Is used for performing mutual authentication with, for ex- 
ample, the medium SAM 133. 

[0708] When accessing the content data stored In the 
ROM area or the RAM area of the recording medium 
130, the encoder/decoder module 1420 executes 
processing, such as encoding, decoding, ECC, modu- 
lating, demodulating, sectorizing, and desectorizing, on 
the content data. 

[0709] The storage-key-data generating module 1 430 
generates the storage key data Kstr unique to each me- 
dium by using the medium unique ID generated by the 
medium-unique-ID generating module 1440. 
[0710] The medium-unique-ID generating module 
1440 generates a medium unique ID unique to each re- 
cording medium from the drive ID generated by the me- 
dium drive SAM 260 and the SAMJD of the medium 
SAM 133. 

[0711] The overall operation of the EMD system 1 00 
shown in Fig. 1 is described below with reference to the 
flow chart of Fig. 80. 

[0712] In step S1 , after the content provider 1 01 per- 
forms predetermined registration, the EMD sen/ice 
center 1 02 sends the public key certificate CERcp of the 
public key data K^pp of the content provider 101 . 
[0713] After the SAMs 105^ through 1064 perform 
predetermined registration processing, the EMD service 
center 102 also sends the public key certificates 
CERcpi through CERcp4 of the public key data Ksami p 
through Ksam4,p of the SAMs lOS^ through 1064, re- 
spectively. 

[0714] After conducting mutual authentication, the 
EMD service center 1 02 sends the license key data KD^ 
through KD3 for three months, each having a one-month 
effective period, to the SAMs 105^ through 1064 of the 
user home network 103. 

[0715] In this manner, in the EMD system 100, the li- 
cense key data KD-, through KD3 are distributed to the 
SAMs 105i through 1064 in advance. This enables the 
SAMs 1 05^ through 1 064 to purchase and utilize the se- 
cure container 1 04 distributed from the content provider 
101 by decoding the secure container 104 even while 
the SAMs 1 05^ through 1 064 are disconnected from the 
EMD service center 1 02. In this case, the purchase and 
usage log is recorded in the usage log data 108, which 



is then automatically sent to the EMD service center 1 02 
when the SAMs 1 05^ through 1 064 are connected to the 
EMD service center 1 02. It is thus possible for the EMD 
service center 102 to reliably perform settlement 

5 processing. If the EMD service center 1 02 does not re- 
ceive the usage log data 1 08 in a predetermined period, 
it is able to make the corresponding SAM invalid in the 
revocation list. The UCS data 166 is transmitted basi- 
cally in real time from the SAMs 105^ through 1064 to 

10 the EMD service center 102. 

[0716] In step S2, after performing mutual authentica- 
tion with the EMD service center 102, the content pro- 
vider 1 01 authorizes the UCP data 1 06 and the content 
key data Kc by registering them in the EMD service cent- 

^5 er 102. The EMD sen/Ice center 102 also creates the 
key file KF for six months and sends it to the content 
provider 101. 

[0717] In step S3, the content provider 101 creates 
the content file CF and the signature data SIGg cp there- 
to for, shown in Fig. 3A, and the key file KF and the signa- 
ture data SIG7 CP therefor, shown in Fig. 3B. The content 
provider 101 then sends the secure container 104 in 
which the above-described files and data, and the pub- 
lic-key certificate data CER^p and the signature data 
?5 SIG1 ESC therefor, shown in Fig. 3C, are stored, to the 
SAMs 1 05i through 1 064 of the user home network 1 03 
online or offline. 

[0718] In sending the secure container 104 online, a 
specific protocol for the content provider 1 01 is used to 

^0 distribute the secure container 1 04 from the content pro- 
vider 101 to the user home network 103 in the format 
independent of the protocol (i.e., data to be transmitted 
by using a predetermined layer of a communication pro- 
tocol consisting of a plurality of layers). In sending the 

f5 secure container 104 offline, the secure container 104 
is stored in a recording medium (ROM or RAM) and is 
sent from the content provider 1 01 to the user home net- 
work 103. 

[0719] Then, in step S4, the SAMs 1 05^ through 1 064 
0 of the user home network 1 03 check the signature data 
^'^6, CP' SIG7 Qp, and SIGK^ within the secure con- 
tainer 104 distributed from the content provider 101 so 
as to verify the integrity of the creators and senders of 
the content file CF and the key file KF Thereafter, the 
5 SAMs 105i through 1064 decode the key file KFby using 
the license key data KD^ through KDq of corresponding 
periods. 

[0720] Subsequently, in step S5, in the SAMs 105^ 
through 1064, the purchase and usage modes are de- 

^ termined based on the internal interrupt 8810 from the 
host CPU 810 according to the user's operation on the 
operation unit 185 shown in Fig. 22. 
[0721] In this case, the usage monitor 186 shown in 
Fig. 37 manages the purchase and usage modes of the 

' content file CF selected by the user based on the UCP 
data 106 stored in the secure container 104. 
[0722] In step S6, the accounting processors 187 of 
the SAMs 105-, through 1064 shown in Fig. 37 create 
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the usage log data 108 and the DCS data 166 in which 
the purchase and usage nnodes are recorded, and send 
thenn to the EMD service center 1 02. 
[0723] In step S7, the EMD service center 102 exe- 
cutes accounting processing based on the usage log da- 5 
ta 1 08, and creates the settlement request data 1 52 and 
the settlement report data 1 07. The EMD service center 
1 02 sends the settlement request data 1 52 and the sig- 
nature data SIG99 therefor, to the settlement organiza- 
tion 91 via the payment gateway 90 shown in Fig. 1 . The 10 
EMD service center 102 also sends the settlement re- 
port data 1 07 to the content provider 1 01 . 
[0724] Then, in step S8, after verifying the signature 
data SIG99, the settlement organization 91 distributes 
the payment made by the user to content rights holders, >5 
such as the content provider 101 , based on the settle- 
ment report data 152. 

[0725] As described above, in the EMD system 100, 
the secure container 1 04 shown in Figs. 3A through 3C 
is distributed from the content provider 1 01 to the user 20 
home network 1 03, and the key file KF within the secure 
container 104 is processed in the SAMs 105^ through 
1054. 

[0726] The content key data Kc and the UCP data 1 06 
stored in the key file KF are encrypted with the license 25 
key data KD-, through KD3, and are decrypted only in 
the SAMs 105^ through 1064 which hold the license key 
data KD^ through KD3. The SAMs 105^ through 1064 
are tamper-resistant hardware In which the purchase 
and usage modes of the content data C are determined 30 
based on the handling contents of the content data C 
recorded in the UCP data 106. 

[0727] Therefore, according to the EMD system 1 00, 
the content data C can be reliably purchased and uti- 
lized in the user home network 103 based on the UCP 35 
data 1 06 created by the content provider 101 or a con- 
tent-rights holder. 

[0728] Additionally, in the EMD system 100, the con- 
tent data C may be distributed from the content provider 
101 to the user home networic 103 online or offline by 40 
storing it in the secure container 104. In this case, the 
rights processing of the content data C in the SAMs 1 05^ 
through 1 064 are not influenced by whether the content 
data C is sent online or offline. 

[0729] In the EMD system 100, in purchasing, utiliz- 45 
ing, recording, and transferring the content data C in the 
network device 160^ and the AA/ machines IGOg 
through I6O4 within the user home network 103, 
processing is always executed based on the UCP data 
106. Thus, rights processing rules in common to the 50 
whole user home network 103 can be established. 
[0730] Fig. 81 illustrates an example of protocols for 
distributing the secure container 1 04 used in the first 
embodiment. 

[0731] In the multiple processor system (EMD sys- 55 
tem) 1 00, as illustrated in Fig. 81 , as protocols for deliv- 
ering the secure container 1 04 from the content provider 
101 to the user home networi< 103, TCP/IP and XMLV 



SMIL, for example, are used. 

[0732] As protocols for transfenring the secure con- 
tainer 1 04 between the SAMs of the user home network 
1 03 or between the user home networks 1 03 and 1 03a, 
for example, XMUSMIL which is constructed on a 
1394-serial bus/interface is used. In this case, the se- 
cure container 1 04 may be stored in a recording medium 
(ROM or RAM) and distributed between the SAMS. 

Second Embodiment 

[0733] In the first embodiment, the content data is di- 
rectly distributed from the content provider 101 to the 
SAMs 1 05^ through 1 064 of the user home network 1 03. 
In the second embodiment, the content data is distrib- 
uted from a content provider to SAMs of a user home 
network via a service provider. 

[0734] Fig. 82 is a block diagram illustrating an EMD 
service system 300 of the second embodiment. 
[0735] The EMD service center 300 includes, as 
shown in Fig. 82, a content provider 301 , an EMD serv- 
ice center 302, a user home network 303, a service pro- 
vider 31 0, a payment gateway 90, and a settlement or- 
ganization 91 .. 

[0736] The content provider 301, the EMD service 
center 302, the SAMs 305^ through 3064, and the serv- 
ice provider 310 respectively correspond to a data pro- 
viding apparatus, a management apparatus, a data 
processing apparatus, and a data distribution apparatus 
of the present invention. 

[0737] The content provider 301 is simitar to the con- 
tent provider 101 of the first embodiment except that it 
supplies content data to the service provider 31 0. 
[0738] The EMD service center 302 is similar to the 
EMD service center 1 02 of the first embodiment except 
that it exercises an authentication function, a key-data 
management function, and a rights processing function, 
not only for the content provider 1 01 and the SAMs 305^ 
through 3054, but also for the service provider 301 . 
[0739] The user home network 303 includes a net- 
work device 360^ and AA/ machines 36O2 through 36O4. 
The network device 360^ integrates a SAM 305^ and a 
CA module 311 therein, and the A/V machines 36O2 
through 36O4 integrate SAMs 3052 through 3054 therein. 
[0740] The SAMs 305^ through 3054 are similar to the 
SAMs 105^ through 1064, respectively, of the first em- 
bodiment, except that they receive a secure container 
304 from the service provider 310, and verify signature 
data of the content provider 301 and the service provider 
31 0, and also create service-provider (SP) purchase log 
data (data for a data distribution apparatus) 309 for the 
service provider 31 0. 

[0741] An overview of the EMD system 300 is as fol- 
lows. 

[0742] In the EMD system 300, the content provider 
301 transmits the content key data Kc and the UCP data 
1 06, which is similar to that of the first embodiment and 
which indicates the rights of the content data, such as 
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license agreement conditions of the content data C to 
be provided, to the EMD service center 302, which is a 
highly reliable authorizing organization. The UCP data 
1 06 and the content key data Kc are authorized (authen- 
ticated) by being registered in the EMD service center 
302. 

[0743] The content provider 301 encrypts the content 
data C with the content key data Kc so as to create the 
content file CF. The content provider 301 receives a key 
file KF for six months for each content file CF from the 
EMD service center 302. 

[0744] The key file KF contains signature data for ver- 
ifying the integrity of the key file KF and integrity of the 
creator and the sender of the key file KF. 
[0745] The content provider 301 then supplies the se- 
cure container 104 shown in Figs. 3A through 3C in 
which the content file CF. the key file KF, and the signa- 
ture data are stored to the service provider 310 offline 
via a recording medium or online via a network, such as 
the Internet, a digital broadcast, or by using an unofficial 
protocol. 

[0746] The signature data stored in the secure con- 
tainer 1 04 is used for verifying the integrity of the corre- 
sponding data and the integrity of the creator and the 
sender of the data. 

[0747] Upon receiving the secure container 1 04 from 
the content provider 301, the service provider 310 
checks the signature data so as to verify the integrity of 
the creator and the sender of the secure container 1 04. 
[0748] The service provider 31 0 then creates price tag 
data (PT) 31 2 obtained by adding a price forthe services 
given by the service provider 310, such as authoring 
services, to the SRP, which has been reported to the 
service provider 31 0 offline, desired by the content pro- 
vider 301. 

[0749] TheserviceproviderSIOthen extracts the con- 
tent file CF and the key file from the secure container 
104 and creates the secure container 304 in which the 
content file CF, the key file KF, the price tag data 312, 
and signature data Kgps therefor are stored. 
[0750] The key file KF is encrypted with the license 
key data KD^ through KDg, and the service provider 31 0 
is unable to see the content of the key file KF or overwrite 
it since it does not own the license key data KD^ through 
KDg. 

[0751] The EMD service center 302 also authorizes 
the price tag data 312 by registering it. 
[0752] The service provider 31 0 distributes the secure 
container 304 to the user home network 303 online or 
offline. If the secure container 304 is supplied offline, It 
is recorded on a recording medium (ROM) and is directly 
supplied to the SAMs 305i through 3064. If the secure 
container 304 is supplied online, the service provider 
310 first performs mutual authentication with the CA 
module 311, and encrypts the secure container 304 by 
using the session key data Kg^g and sends it. The CA 
module 311 receives the encrypted secure container 
304 and decrypts it by using the session key data Kqes, 



and then transfers it to the SAMs 305^ through 3064. 
[0753] In this case, as communication protocols for 
sending the secure container 304 from the content pro- 
vider 301 to the user home network 303, MHEG is used 
5 for a digital broadcast, and XMUSMILTHTML is used for 
the Internet. The secure container 304 is embedded 
within the corresponding protocol according to a tun- 
neling technique without depending on the communica- 
tion protocol (coding method). 

[0754] Accordingly, the format of the secure container 
304 does not have to match the communication proto- 
col, thereby increasing the flexibility in selecting the for- 
mat of the secure container 304. 
[0755] Subsequently, the SAMs 305^ through 3064 

^5 check the signature data stored in the secure container 
304 so as to verify the integrity of the creator and the 
sender of the content file CF and the key file KF stored 
in the secure container 304. The SAMs 305^ through 
3054 then decode the key file KF by using the license 

20 key data KD^ through KD3 of corresponding periods dis- 
tributed from the EMD service center 302. 
[0756] In the network device 360^ and the A/V ma- 
chines 36O2 through 36O4, the purchase and usage 
modes of the secure container 304 supplied to the SAMs 

^5 305^ through 3064 are determined according to the us- 
er's operation, and the secure container 304 is then 
ready to be played back or recorded on a recording me- 
dium. 

[0757] The SAMs 305., through 3064 record the pur- 
30 chase and usage log of the secure container 304 as the 
usage log data 308. The usage log data (log data or a 
management-apparatus log data) 308 is sent from the 
user home network 303 to the EMD service center 302 
in response to, for example, a request from the EMD 
35 service center 302. 

[0758] Upon detennining the purchase mode of the 
content, the SAMs 305^ through 3064 send the UCS da- 
ta 1 66 indicating the purchase mode to the EMD service 
center 302. 

40 [0759] The EMD service center 302 determines (cal- 
culates) the accounting content for each of the content 
provider 301 and the service provider 31 0 based on the 
usage log data 308, and settles the account, based on 
the calculated accounting content, by using the settle- 

45 ment organization 91 , such as a bank, via the payment 
gateway 90. According to this settlement, the payment 
made by the user of the user home network 303 to the 
settlement organization 91 is given to the content pro- 
vider 301 and the service provider 31 0 by the settlement 

50 processing performed by the EMD service center 302. 
[0760] In this embodiment, the EMD service center 
302 has an authentication function, a key-data manage- 
ment function, and a rights processing (profit distribu- 
tion) function. 

55 [0761] More specifically, the EMD service center 302 
serves as a second certifying authority located at a layer 
lower than the root certifying authority 92, which is the 
neutral supreme authority, and authenticates public key 



46 



BNSDCXIID: <EP 1 130492A2_L> 



91 



EP 1 130 492 A2 



92 



data by attaching a signature to the public-key certificate 
data of the public key data by using private key data of 
the EMD service center 1 02. The public key data is used 
for verifying the integrity of the signature data in the con- 
tent provider 301, the service provider 310, and the 
SAMs 305^ through SOS^. As stated above, the EMD 
service center 1 02 registers and authorizes the UCP da- 
ta 1 06 of the content provider 301 , the content key data 
Kc, and the price tag data 312 of the service provider 
310, which is also part of the authentication function of 
the EMD service center 302. 

[0762] The EMD service center 302 also has the key- 
data management function of managing key data, such 
as license key data KD^ through KDq. 
[0763] The EMD service center 302 also has the fol- 
lowing rights processing (profit distribution) function. 
The EMD service center 302 settles the account for the 
purchase and usage of the content made by the user 
based on the UCP data 106 registered by the content 
provider 301, the usage log data 308 input from the 
SAMs 305^ through 3064, and the price tag data 312 
registered by the service provider 310, and distributes 
the payment made by the user to the content provider 
301 and the service provider 31 0. 
[0764] Details of the individual elements of the con- 
tent provider 301 are as follows. 

[Content provider 301 ] 

[0765] The content provider 301 is similar to the con- 
tent provider 101 of the first embodiment except that it 
supplies the secure container 104 shown in Figs. 3A 
through 3C to the service provider 310 online or offline. 
[0766] That is, the content provider 301 creates the 
secure container 104 and inserts it into a product dis- 
tributing protocol for the content provider according to 
the process shown in Figs. 17 through 19. 
[0767] The service provider 310 then downloads the 
secure container 1 04 and extracts it from the protocol. 

[Service provider 31 0] 

[0768] The service provider 310 creates the secure 
container 304 in which the content file CF and the key 
file KF supplied from the content provider 301 and the 
price tag data 312 are stored, and distributes it to the 
network device 360-| and the AA/ machines SSOg 
through 36O4 of the user home network 303 online or 
offline. 

[0769] The services by the service provider 3 1 0 to the 
distribution of the content are largely divided into two 
types, i.e., independent services and dependent servic- 
es. 

[0770] The independent services are downloading 
services for individually distributing the contents. The 
dependent services are services for distributing the con- 
tent together with programs or commercials (CM), for 
example, supplying the content of a theme song of a 



drama program by inserting it in a drama program 
stream. This enables the user to purchase the content 
stored in the stream while watching the drama program. 
[0771] Upon receiving the secure container 104 from 
5 the content provider 301 , the service provider 310 cre- 
ates the secure container 304 according to the following 
process. 

[0772] A description is now given, with reference to 
the flow chart of Fig. 83, of the process of creating the 
secure container 304 from the secure container 1 04 re- 
ceived from the content provider 301 and distributing it 
to the user home network 303, 

[0773] In step S83-1, the service provider 310 re- 
ceives the secure container 104 shown in Figs. 3A 
through 3C-from the content provider 301 online or of- 
fline, and stores it. 

[0774] If the secure container 104 is sent online, the 
secure container 104 is decoded by using the session 
key data Kses obtained by mutual authentication be- 
tween the content provider 301 and the service provider 
310. 

[0775] In step S83-2, the service provider 31 0 verifies 
the integrity of the signature data SIG-, gsc^^own in Fig. 
3C of the secure container 1 04 by using the public key 
data KgsQ p of the EMD service center 302, and then, 
extracts the public key data Kcp,p from the pub lie- key 
certificate data CER^p shown in Fig. 3C. 
[0776] The service provider 31 0 then checks the sig- 
nature data SIGqcp and SIG7 Qp shown in Figs. 3A and 
3B, respectively, of the secure container 1 04 by using 
the extracted public key data Kcp,p so as to verify the 
integrity of the creator and the sender of the content file 
CF and the sender of the key file KF. 
[0777] The service provider 31 0 also checks the sig- 
nature data SIGki^sc stored in the key file KF shown 
in Fig. 3B by using the public key data K^qq p so as to 
verify the integrity of the creator of the key file KF. This 
also verifies the official registration of the key file in the 
EMD service center 102. 

[0778] Thereafter, in step S83-3. the sen/ice provider 
310 creates the price tag data 312 obtained by adding 
a price for the services of the service provider 31 0 to the 
RSP desired by the content provider 301 which has 
been reported from the content provider 301 offline. 
[0779] The service provider 31 0 also creates signa- 
ture data SIG62,sp, SIGgasp* anci SIG64sp from the 
hash values of the content file CF, the key file KF, and 
the price tag data 31 2, respectively, by using the private 
key data Ksp p of the service provider 31 0. 
[0780] The signature data S!G62,sp '® used for verify- 
ing the integrity of the sender of the content file CF, the 
signature data SlGgg sp is used for verifying the sender 
of the key file KF, and the signature data SIGg4Sp is 
used for verifying the creator and the sender of the price 
tag data 312. 

[0781] The service provider 31 0 then creates the se- 
cure container 304 in which the content file CF and the 
signature data SIGg cp ^ncl SIG62,sp therefor, shown in 
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Fig. 84A, the key file KF and the signature data S\Gj 
and SIGes^Esct^^^refor, shown in Fig. 84B, the price tag 
data 312 and the signature data SIG64Sp therefor, 
shown In Fig. 84C, and the public-key certificate data 
CERgp and the signature data SIGg^ gsc therefor and 
the public-key certificate data CERcp and the signature 
data SIG^ ESC therefor, shown in Fig. 84D, are stored, 
and then stores the created secure container 304 in a 
secure container database. 

[0782] The secure container 304 stored in the secure 
container database is centrally managed by the service 
provider 310 by using, for example, the content ID. 
[0783] Fig. 84A illustrates the configuration of the con- 
tent file CF when a DSP is used as an A/V compression/ 
decompression device for decompressing the content 
data C. The DSP decompresses the content data C 
within the secure container 104, and also embeds and 
detects digital watennark information by using AA/ de- 
compression software and a digital watermark infonma- 
tion module within the secure container 304. This ena- 
bles the content provider 301 to employ a desired com- 
pression method and a digital-watermark embedding 
method. 

[0784] If hardware or prostored software is used as 
an AA/ compression/decompression device for decom- 
pressing the content data C and for embedding and de- 
tecting digital watermark information, the AA/ decom- 
pression software and the digital watermark information 
module may not be stored within the content file CR 
[0785] Then, in step S83-4, the service provider 310 
reads the secure container 304 from the secure contain- 
er database in response to a requestfrom the user home 
network 303. 

[0786] In this case, the secure container 304 may be 
a composite container in which a plurality of content files 
CF and a plurality of corresponding key files KF are 
stored. For example. In a single secure container 304, 
a plurality of content files CF concerning a piece of mu- 
sic, a video clip, a word card, a liner note, and a jacket 
may be stored. The plurality of content flies CF may be 
stored within the secure container 304 in a directory 
structure. 

[0787] If the secure container 304 is sent via a digital 
broadcast, the MHEG protocol is employed. If the se- 
cure container 304 is sent via the Internet, the XML/ 
SMIL-ZHTML protocol is employed. 
[0788] In this case, the content file CF and the key file 
KF within the secure container 104 are stored in a pre- 
determined layer of a communication protocol which is 
employed between the service provider 31 0 and the us- 
er home network 303 without being dependent on the 
coding method, such as the MHEG or HTML protocol. 
[0789] For example, if the secure container 304 is 
sent via a digital broadcast, as shown in Fig. 85, the con- 
tent file CF Is stored as MHEG content data within a 
MHEG object. 

[0790] A MHEG object which is a moving picture is 
stored in a packetlzed elementary stream (PES)-vldeo 



in the transport layer protocol, a MHEG object which is 
sound Is stored in PES-audIo In the transport layer pro- 
tocol, and a MHEG object which is a still image is stored 
in Private-Data. 

5 [0791] The key file KF, the price tag data 312, and the 
public-key certificate data CERcp, CERgp are stored, 
as shown in Fig. 86, in entitlement control message 
(ECM) within a TS packet of the transport layer protocol. 
[0792] The content file CF, the key file KF, the price 

10 tag data 31 2, and the public-key certificate dataCER^p, 
CERgp are linked by the directory structure data DSD^ 
within the header of the content file CR 
[0793] The service provider 310 then supplies the se- 
cure container 304 to the user home network 303 online 

IS and/or offline. 

[0794] If the secure container 304 is distributed to the 
network device 360^ of the user home network 303, the 
service provider 31 0 encrypts the secure container 304 
by using the session key data Kqes after performing mu- 

^0 tual authentication, and then distributes it to the network 
device 360^ via a network. 

[0795] If the secure container 304 is broadcast via a 
satellite, the service provider 310 encrypts the secure 
container 304 with scrambling key data Kg^p. The 
25 scrambling key data Kqcr is also encrypted with work 
key data K^, and the work key data is encrypted 
with master key data K^. 

[0796] The service provider 310 then sends the 
scrambling key data Kq^r and the work key data 
30 together with the secure container 304 to the user home 
network 303 via a satellite. The service provider 310 al- 
so distributes the master key data K^ by storing It In, for 
example, an IC card, to the user home network 303 of- 
fline. 

35 [0797] Upon receiving the SP purchase log data 309 
concerning the content data C from the user home net- 
work 303, the service provider 310 stores It. 
[0798] In determining future services, the service pro- 
vider 310 refers to the SP purchase log data 309. The 

40 service provider 31 0 also analyzes, based on the pur- 
chase log data 309, the user's favorites of the SAMs 
305^ through SOS^ which have sent the SP purchase log 
data 309, and then creates user favorite filer data 900 
and sends it to the CA module 311 of the user home 

45 network 303. 

[0799] The service provider 31 0 or a service-provider 
related organization registers in the EMD sen/ice center 
302 offline, and acquires a globally unique identifier 
SP_ID by using an ID certificate of the service provider 

50 310 or a bank account for performing settlement 
processing. 

[0800] The service provider 310 also authorizes the 
price tag data 312 by registering it in the EMD service 
center 302. 

55 

[EMD service center 302] 

[0801] As discussed above, the EMD service center 
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302 serves as a certifying authority (CA), a key manage- 
ment authority, and a rights processing (rights clearing) 
authority. 

[0802] Fig. 87 illustrates the major functions of the 
EMD service center 302. The EMD service center 302 
performs processing, as illustrated in Fig. 87, such as 
supplying the license key data to the content provider 
301 and the SAMs 305^ through 3064, issuing the pub- 
lic-key certificate data CERcp, CERsp, and CERs;^|^i 
through CERg;^,^,^, creating the key file KF, and settle- 
ment processing (profits distribution) based on the us- 
age log data 308. 

[0803] Among the above-described functions, supply- 
ing the license key data, issuing the public-key certifi- 
cate data CERcp and CERsami through CERsam4' 
creating the key file KF are simitar to those of the EMD 
service center 102 of the first embodiment. 
[0804] Unlike the EMD service center 102, however, 
the EMD service center 302 issues the public-key cer- 
tificate data CERsp of the service provider 3 10, and also 
distributes, based on the usage log data 308, the profits 
obtained by the purchase of the content data C in the 
SAMs 305^ through 3064 to the content provider 301, 
content-provider rights holders, the service provider 
310, and service-provider rights holders. 
[0805] The contents of the usage log data 308 may 
be those shown in Fig. 21 . 

[0806] The EMD service center 302 also creates the 
user favorite filter data 900 for selecting content data C 
according to the user's favorites of the SAMs 305^ 
through 3064 which have sent the usage log data 308, 
and sends It to the SAMs 305^ th rough 3064 via the SAM 
manager 149. 

[User home network 303) 

[0807] The user home network 303 includes, as 
shown in Fig. 82, the network device 360^ and the AN 
machines 36O2 through 36O4. 

[0808] The network device 360^ integrates the CA 
module 311 and the SAM 305^ therein. The AA/ ma- 
chines 36O2 through 36O4 Integrate the SAMs 3052 
through 3064, respectively. The SAMs 305i through 
3054 are connected to each other via the bus 1 91 , such 
as a 1394-serial interface bus. 

[0809] The AA/ machines 36O2 through 36O4 may be 
provided with a network communication function, 
though it is not essential. If a network communication 
function is not provided, the AA/ machines 36O2 through 
36O4 may simply use the network communication func- 
tion of the network device 360^ via the bus 191. Alter- 
natively, the user home network 303 may include only 
A/V machines without a network function. 
[0810] Details of the networi< device 360^ are as fol- 
lows. 

[0811] Fig. 88 is a block diagram illustrating the net- 
work device 360^. The network device 360^ includes, 
as shown in Fig. 88, the communication module 162, 



the CA module 311, a decoding module 905, the SAM 
305i, the A/V compression/decompression SAM 163, 
the operation unit 165, the download memory 167, the 
playback module 1 69, the external memory 201 , and the 

5 host CPU 810. The same elements as those shown in 
Fig. 22 are designated with like reference numerals. 
[0812] The communication module 162 performs 
processing for communicating with the service provider 
310. More specifically, the communication module 162 

10 outputs the secure container 304 received from the 
service provider 310 via, for example, a satellite broad- 
cast, to the decoding module 905. The communication 
module 1 62 also outputs the user favorite filter data 900 
received from the service provider 31 0 via, for example, 

'5 a telephone line, to the CA module 31 1 , and also sends 
the SP purchase log data 309 received from the CA 
module 311 to the service provider 31 0 via, for example, 
a telephone line. 

[0813] Fig. 89 is a functional block illustrating the CA 

20 module 311 and the decoding module 905. 

[0814] The CA module 311 includes^ as shown in Fig. 
89, a mutual authentication unit 906, a storage unit 907, 
an encryption/decryption unit 908, and a SP purchase 
log data generator 909. 

25 [0815] In sending and receiving data between the CA 
module 31 1 and the service provider 31 0 via a telephone 
line, the mutual authentication unit 906 performs mutual 
authentication with the service provider 3 1 0 so as to cre- 
ate the session key data Kq^q and outputs it to the en- 

30 cryption/decryption unit 908. 

[0816] The storage unit 907 stores the master key da- 
ta Km supplied offline from the service provider 310 by 
being stored in an IC card 91 2 after the service provider 
31 0 has made a contract with the user. 

35 [0817] The encryption/decryption unit 908 receives 
the encrypted scrambling key data Kqcr and work. key 
data Kw from a decoder 910 of the decoding module 
905, and decrypts the work key data Ky^^ by using the 
master key data read from the storage unit 907. The 

40 encryption/decryption unit 908 then decrypts the scram- 
bling key data KgcR by using the decrypted work key 
data Ky^, and outputs it to the decoder 910. 
[0818] The encryption/decryption unit 908 also de- 
crypts the user favorite filter data 900 received from the 

45 service provider 31 0 by the communication module 1 62 
via, for example, a telephone line, by using the session 
key data Kqes ^rom the mutual authentication unit 906, 
and outputs it to a secure-container selection unit 911 
of the decoding module 905. 

50 [0819] The encryption/decryption unit 908 decrypts 
the SP purchase log data 309 received from the SP pur- 
chase log data generator 909 by using the session key 
data Kg^s from the mutual authentication unit 906, and 
sends it to the service provider 31 0 via the communica- 

55 tion module 162. 

[0820] The SP purchase log data generator 909 gen- 
erates the SP purchase log data 309 indicating the pur- 
chase log of the content data C unique to the service 
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provider 310 based on the operation signal S165 ob- 
tained by performing the user's operation on the opera- 
tion unit 1 65 shown in Fig. 88, or based on the UCS data 
1 66 from the SAM 305^ . The SP purchase log data gen- 
erator 909 then outputs the SP purchase log data 309 5 
to the encryption/decryption unit 908. 
[0821] The SP purchase log data 309 includes infor- 
mation on distribution services of the service provider 
310 reflecting the user's opinion, a monthly basic fee 
(incurred by using a network), contract (update) infor- io 
mation, and purchase log information. 
[0622] The CA module 311 communicates with an ac- 
count database of the service provider 3 1 0 Jf the service 
provider 310 has an accounting function, a client man- 
agement database, and a marketing information data- i5 
base. In this case, the CA module 311 sends account 
data for distribution services of the content data to the 
service provider 310. 

[0823] The decoding module 905 includes the decod- 
er 910 and the secure-container selection unit 911 . 20 
[0824] The decoder 910 receives the encrypted se- 
cure container 304, the scrambling key data Kqcr, and 
the work key data Kyy from the communication module 
162. The decoder 910 then outputs the encrypted 
scrambling key data Kqcr and the work key data Kyy to 25 
the encryption/decryption unit 908 of the CA module 31 1 
and receives the decrypted scrambling key data Kqcr 
from the encryption/decryption unit 908. The decoder 
910 also decrypts the encrypted secure container 304 
by using the scrambling key data Kqcr, and then outputs 30 
it to the secure-container selection unit 911 . 
[0825] If the secure container 304 is sent from the 
service provider 310 according to the MPEG2 transport 
stream method, the decoder 910 extracts the scram- 
bling key data Kscr from the ECM of the TS Packet, and 35 
extracts the work key data K^y from the EMM. 
[0826] The ECM-also contains program attribute in- 
formation of each channel. The EMM also contains 
demonstration contract information of each user (view- 
er). 40 
[0827] The secure-container selection unit 911 filters 
the secure container 304 received from the decoder 91 0 
by using the user favorite filter data 900 received from 
the CA module 311 so as to select the secure container 
1 04 according to the user's favorite, and outputs it to the 45 
SAM 305^. 

[0828] The SAM 305^ is discussed in detail below. 
[0829] The functions and the structure of the SAM 
305^ are basically similar to those of the SAM 105^ of 
the first embodiment described with reference to Figs, so 
22 through 72, except that it perfonns processing for not 
only the content provider 301, but also for the service 
provider 310, such as checking the signatures for the 
service provider 310. 

[0830] The SAMs 305^ through 3064 are modules for 55 
perfomning accounting for each content and communi- 
cating with the EMD service center 302. 
[0831] The configuration of the user home network 



104 shown in Fig. 63 is applicable to the devices within 
the user home network 303. The configurations of the 
rights processing SAM, the medium SAM 133, the AA/ 
compression/decompression SAM 163, and the medi- 
um drive SAM 260 described with reference to Figs. 68 
to 79 are applicable to the SAMs 305^ through 3064 
within the user home network 303. 
[0832] The SAMs 3052 through 3054 basically have 
the same functions as the SAM 305^. 
[0833] Details of the functions of the SAM 305^ are as 
follows. 

[0834] Fig. 90 is a block diagram illustrating the func- 
tions of the SAM 305^, and also illustrates the flow of 
data relating to processing for receiving the secure con- 
tainer 304 from the service provider 31 0. 
[0835] The SAM 305^ includes, as shown in Fig. 90, 
a mutual authentication unit 170, encryption/decryption 
units 171,1 72, and 1 73, a download memory manager 
182. an AA/ compression/decompression SAM manag- 
er 184, an EMD service center manager 185, a usage 
monitor 186, a SAM manager 190, a storage unit 192, 
a medium SAM manager 197, a work memory 200, a 
service provider manager 580, an accounting processor 
587, a signature processor 589, an external memory 
manager 811 , and a CPU 1100. 

[0836] As in the case of the SAM 105^, predetennined 
function of the SAM 305^ shown in Fig. 90 are Imple- 
mented by executing the private program by the CPU. 
[0837] In Fig. 90, the same functional blocks as those 
shown in Fig. 30 are designated with like reference nu- 
merals. 

[0838] In the external memory 201 shown in Fig. 88, 
the usage log data 308 and the SAM registration list are 
stored by executing the processing discussed in the first 
embodiment and processing, which is discussed below. 
[0839] In the work memory 200, as shown in Fig. 91 , 
the content key data Kc, the UCP data 1 06, the lock key 
data Kloc of the storage unit 1 92, the public-key certif- 
icate data CERqp of the content provider 301 , the pub- 
lic-key certificate data CERgp of the service provider 
310, the UCS data 166, the SAM program download 
containers SDC^ through SDC3, and the price tag data 
312. 

[0840] Among the functional blocks of the SAM 305^ , 
only the functional blocks unique to the second embod- 
iment In Fig. 90 are explained below. 
[0841] The signature processor 589 verifies the sig- 
nature data within the secure container 304 by using the 
public key data K^scp the EMD service center 302, 
the public key data kcp,p of the content provider 301 , 
andthepublic key data Kgpp of the service providerSIO, 
all of which are read from the storage unit 192 or the 
work memory 200. 

[0842] When the CPU 1100 receives the internal In- 
terrupt S81 0 from the host CPU 81 0 in accordance with 
the user's operation, as shown in Fig. 92, the accounting 
processor 587 performs accounting processing under 
the control of the CPU 1 1 00 in accordance with the con- 
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tent purchase and usage modes of the content based 
on the price tag data 312 read from the work memory 
200. 

[0843] The price tag data 312, which indicates the 
sales price of the content data to the user, is output to 
the exterior of the SAM 305^ via predetermined output 
means in determining the purchase mode of the content 
data by the user 

[0844] The accounting processing by the accounting 
processor 587 is executed based on the contents of 
rights, such as the licensing agreement conditions indi- 
cated by the UCP data 1 06, and the UCS data 1 66, un- 
der the monitoring of the usage monitor 1 86. That is, the 
user is able to purchase and utilize the content within 
the allowances of the rights. 

[0845] In performing the accounting processing, the 
accounting processor 587 creates or updates the usage 
log data 308, and writes it into the externa! memory 201 
via the external memory manager 811 . 
[0846] The usage log data 308, as well as the usage 
log data 1 08 used in the first embodiment, is used for 
detemnining the payment of the license fee for the se- 
cure container 304 by the EMD service center 302. 
[0847] The accounting processor 587 also creates the 
UCS data 166 indicating the purchase and usage 
modes of the content determined by the user under the 
control of the CPU 1 1 00, and writes it into the work mem- 
ory 200. 

[0848] The purchase modes of the content include 
"sell through" in which no restriction is imposed on play- 
back operation by the purchaser and copying for the use 
of the purchaser, "pay per play" in which charging incurs 
every time the content is played back, and so on. 
[0849] The UCS data 166 is created upon determining 
the purchase mode by the user, and is used for control- 
ling the use of the content to make sure that the user 
utilizes the content within the allowances of rights. In the 
UCS data 166, the content ID, the purchase mode, the 
sell through price, the SAM_ID of the SAM which has 
purchased the content, the USERJD of the user who 
has purchased the content, and so on. 
[0850] If the detennined purchase mode is "pay per 
play", "pay per SCMS", or "pay per copy N without copy 
guard", the SAM 305^ sends the UCS data 166 to the 
service provider 310 in real time, and the service pro- 
viderSI 0 instructs the EMD service center302 to obtain 
the usage log data 308 from the SAM 305^. 
[0851] If the determined purchase mode is "sell 
through", the UCS data 166 is sent to the service pro- 
vider 31 0 and the EMD service center 302 in real time. 
[0852] In the SAM 305^, as illustrated in Fig. 90, the 
user favorite fitter data 900 received from the EMD serv- 
ice center 302 via the EMD service center manager 1 85 
is output to the service provider manager 580. Then, in 
the service provider manager 580, the secure container 
304, which has been received from the decoding mod- 
ule 905 shown in Fig. 89 and filtered based on the user 
favorite filter data 900, is selected, and the selected se- 



cure container 304 is output to the download memory 
manager 182. This enables the SAM 305-| to select the 
content data C according to the user's favorite, based 
on the purchase of the content data C, obtained from all 
5 the service providers 31 0 which have made a contract 
with the user. 

[0853] The flows of the processes within the SAM 
305-1 are as follows. 

^0 Processing to be executed when receiving license key 
data 

[0854] The flow of the process within the SAM 305^ 
for storing the license key data KD^ through KD3 re- 
15 ceived from the EMD service center 302 in the storage 
unit 192 is similar to that of the first embodiment dis- 
cussed with reference to Fig. 35. 

Processing to be executed when receiving the secure 



[0855] The flow of the process within the SAM 305., 
when receiving the secure container 304 from the serv- 
ice provider 310 is described below with reference to 
25 Fig. 93. 

[0856] In the following example, in the SAM 305-, , var- 
ious types of signature data are checked when receiving 
the secure container 304. However, the signature data 
may be checked when determining the purchase and 
30 usage modes rather than when receiving the secure 
container 304. 

[0857] In step. S93-0, the CPU 11 00 of the SAM 305^ 
shown in Fig. 90 receives from the host CPU 810 the 
internal interrupt S810 indicating an instruction to per- 

35 fomn processing for receiving the secure container. 
[0858] In step S93-1, the mutual authentication. unit 
170 of the SAM 305^ shown in Fig. 90 perfonms mutual 
authentication with the service provider 31 0. 
[0859] Then, in step S93-2, the mutual authentication 

40 unit 1 70 of the SAM 305., conducts mutual authentica- 
tion with the medium SAM 1 67a of the download mem- 
ory 167. 

[0860] In step 593-3, the secure container 304 re- 
ceived from the service provider 31 0 is written into the 

45 download memory 167. Simultaneously, the securecon- 
tainer304 is encrypted in the mutual authentication unit 
1 70, and is decrypted in the medium SAM 1 67a by using 
the session key data obtained in step S93-2. 
[0861] In step S93-4, the SAM 305^ decodes the se- 

50 cure container 304 by using the session key data ob- 
tained in step S93-1 . 

[0862] Subsequently, in step S93-5, the signature 
processor 589 verifies the signature data SIGgi esc 
shown in Fig. 84D, and then verifies the integrity of the 
55 signature data SIG62,sp, SIGgg gp, and SIGg4 by us- 
ing the public key data Kspp of the service provider 31 0 
stored in the public-key certificate data CERgp shown 
in Fig. 84D. 



container 304 from the service provider 310 
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[0663] When verifying the integrity of the signature 
data SIGga.sp. the integrity of the sender of the content 
file CF is verified. When verifying the integrity of the sig- 
nature data SIGga^sp. the integrity of the sender of the 
key file KF is verified. When verifying the integrity of the 
signature data SIGg^ gp. the integrity of the creator and 
the sender of the price tag data 312 is verified. 
[0664] In step S93-6, the signature processor 589 ver- 
ifies the signature data SIG^ ^sc shown in Fig. 84D, and 
then, verifies the signature data SIGg cp and SIG7 by 
using the public key data K^pp of the content provider 
301 stored in the public-l<ey' certificate data CER^p 
shown in Fig. 84D. 

[0865] When verifying the integrity of the signature 
data SIGg^cp. the integrity of the creator and the sender 
of the content file CF is verified. When verifying the in- 
tegrity of the signature data SIG7 Qp the sender of the 
key file KF is verified. 

[0666] In step 93-7, the signature processor 589 
checks the signature data SIGki,esc within the key file 
KF shown in Fig. 84B by using the public key data 
^ESCP ^^^^ ^''onn the storage unit 1 92 so as to verify the 
integrity of the creator of the key file KF and the official 
registration of the key fife KF in the EMD service center 
302. 

[0867] Then, in step S93-8, the encryption/decryption 
unit 1 72 decrypts the content key data Kc, the UCP data 
106, and the SAM program download containers SDC^ 
through SDC3 within the key file KF shown in Fig. 84B 
by using the license key data KD^ through KD3 of cor- 
responding periods read from the storage unit 1 92, and 
writes them into the work memory 200. 
[0868] In step S93-9, the CPU 1100 determines 
whether the above-described processing for receiving 
the secure container has been correctly performed, and 
reports the corresponding information to the host CPU 
810 through an external interrupt. 
[0869] Alternatively, the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing is suitably perfomned, and the 
host CPU 81 0 may-read the flag by polling. 

Processing for determining the purchase mode of 
downloaded secure container 

[0870] The processing for determining the purchase 
mode of the downloaded secure container is basically 
similar to that performed by the SAM 105^ of the first 
embodiment described with reference to Fig. 38. Ac- 
cording to this processing, the key file KF^ shown in Fig. 
97C, which is discussed later, is stored in the download 
memory 167 via the work memory 200 and the down- 
load memory manager 182. 

Playback processing of content data 

[0871] The playback processing of the content data 
C, for which the purchase mode is determined, stored 



in the download memory 167 is basically similar to the 
processing performed by the SAM 105^ of the first em- 
bodiment described with reference to Fig. 40. 

^ Processing to be executed when the UCS data 166 of 
one machine is utilized for re-purchasing the content in 
another machine 

[0872] After determining the purchase mode of the 
10 content file CF downloaded into the download memory 
167 of the network device 360-,, as shown in Fig. 94, a 
new secure container 304x storing the content file CF is 
created, and is transferred from the SAM 305., to the 
SAM 3052 of the A/V machine SSOg via the bus 1 91 . This 
^5 processing in the SAM 305., is discussed below with ref- 
erence to Figs. 95 and 96. 

[0873] The processing indicated by the flow chart of 
Fig. 96 is executed, assuming that the key file KF^ and 
the hash value H^^^ therefor shown in Fig. 97C are stored 

^0 in the work memory 200 of the SAM 305^ according to 
the above-described purchase processing. 
[0874] In step 896-1, according to the user's opera- 
tion on the operation unit 1 65 shown in Figs. 88 and 94, 
the internal interrupt S810 making an instruction to 

^5 transfer the secure container, for which the purchase 
mode is detennined. to the SAM SOSg is output from the 
host CPU 810 to the CPU 1100 shown in Fig. 95. The 
accounting processor 587 updates the usage log data 
308 stored in the external memory 201 according to the 

30 detennined purchase mode under the control of the 
CPU 1100. 

[0875] In step S96-2, the SAM 305^ checks the SAM 
registration list discussed in the first embodiment so as 
to determine whether the SAM 3052, which receives the 
35 secure container, is officially registered. If so, the SAM 
305^ executes processing of step S96-3. The SAM 305^ 
also determines whether the SAM 3062 is a SAM within 
the user home network 303. 

[0876] Then, in step S96-3. the mutual authentication 
40 unit 1 70 shares the session key data Kqes obtained by 

mutual authentication with the SAM 3053. 

[0877] In step S96-4, the SAM manager 1 90 reads the 

content file CF and the signature data SIGqcp and 

SIG7 CP shown in Fig. 84A from the download memory 
45 211, and causes the signature processor 1 89 to create 

the signature data SIG41 sami using the private key 

data KsAMi o^ the SAM 305^. 

[0878] In step S96-5, the SAM manager 1 90 reads the 
key file KF and the signature data SIG7 cp and SIGq3 gp 
so shown in Fig. 84B from the download memory 21 1 , and 
causes the signature processor 589 to create the signa- 
ture data SIG42SAM1 using the private key data 
^SAM^ the SAM 305^. 

[0879] Thereafter, in step S96-6, the SAM manager 
55 1 90 creates the secure container 304x shown in Figs. 
97A through 97E. 

[0880] In step S96-7, the encryption/decryption unit 
171 encrypts the secure container 304x shown in Figs. 
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97A through 97E by using the session key data Kses 
obtained in step S96-3. 

[0B81] Then, in step S96-8, the SAM nnanager 190 
outputs the secure container 304x to the SAM SOSg of 
the AA/ nnachine SeOg shown in Fig. 94. In this case, not 
only mutual authentication between the SAMs 305^ and 
3052, but also mutual authentication of the bus 191, 
which is an IEEE-1394 serial bus, is performed. 
[0882] In step S96-9, the CPU 1100 determines 
whether the above-described processing for transfer- 
ring the secure container 304x has been correctly per- 
formed, and reports the corresponding infomnation to 
the host CPU 81 0 through an external Interrupt. 
[0883] Alternatively, the CPU 11 00 may set a register 
in the SAM status register indicating whether the above- 
described processing has been precisely performed, 
and the host CPU 810 may read the flag by polling. 
[0884] A description is now given, with reference to 
Figs. 98, 99, and 100, of the ftow of the process within 
the SAM 3052 when writing the secure container 304x 
shown in Figs. 97A through 97E input from the SAM 
305-, into the recording medium (RAM) 1304, as shown 
in Fig. 94. 

[0885] Figs. 99 and 100 are a flow chart illustrating 
the above-described processing. The recording medi- 
um (RAM) 1304 includes, as shown in Fig. 14, the un- 
secured RAM area 134^ the medium SAM 133, and the 
secure RAM area 132. 

[0886] In step S99-0, the CPU 1 1 00 of the SAM 3052 
shown in Fig. 98 receives from the host CPU 810 the 
internal interrupt S810 indicating an instruction to record 
the received secure container, for which the purchase 
mode is determined, on a recording medium. 
[0887] Then, in step S99-1 , the SAM 3052 checks the 
SAM registration list to determine whether the SAM 
3051 , which has sent the secure container, is officially 
registered. If so, the SAM 3052 executes step S99-2. 
The SAM 3052 ^'^o determines whether the SAM 305^ 
is a SAM within the user home network 303, 
[0888] In step S99-2, as the processing correspond- 
ing to step S96-3, the SAM 3052 shares the session key 
data K^£s obtained by performing mutual authentication 
with the SAM 305^. 

[0889] Then, in step S99-3, the SAM manager 1 90 of 
the SAM 3052 receives, as shown In Fig. 94, the secure 
container 304x from the SAM 305^ of the network device 
360i. 

[0890] In step S99-4, the encryption/decryption unit 
1 71 decrypts the secure container 304x received via the 
SAM manager 1 90 by using the session key data K^ss 
shared in step S99-2. 

[0891] Subsequently, in step S99-5, the content file 
CF within the decrypted secure container 304x under- 
goes processing, such as sectorizing, adding a sector 
header, scrambling, ECC encoding, modulating, and 
synchronizing, by the medium drive SAM 260 shown in 
Fig. 94, and is then recorded on the RAM area 134 of 
the recording medium (RAM) I3O4. 



[0892] In step S99-6. the signature data SIGgcp, 
SIG62.SP. and SIG41 sami within the secure container 
304x decrypted with the session key data Kqes' key 
file KF and the signature data SIGycp, SIGgssp. and 
5 SIG42 ,SAMi ' ^'^e key file KF.| and the hash value , the 
public key signature data CERsp and signature data 
SIGg, 

ESC' public key signature data CERqp and sig- 
nature data SIG-i £SC' ^^id the public key signature data 
CERsami signature data SIG22.ESC Q"*® written into 

10 the work memory 200. 

[0893] In step S99-7, in the signature processor 589, 
the signature data SIGg^ SIG., ggc. ^'^22,esc 
read from the work memory 200 is checked by using the 
public key data K^scp ^^^^ from the storage unit 192 

^5 so as to verify the integrity of the public-key certificate 
data CERgp, CER^p, and CERsami- 
[0894] Then, in the signature processor 589. the in- 
tegrity of the signature data SIGg^p is verified by using 
the public key data Kqpp stored in the public-key certif- 

20 icate data CERqp so as to verify the integrity of the cre- 
ator of the content file CF. Also in the signature proces- 
sor 589, the integrity of the signature data SIG62,sp ts 
verified by using the public key data Kgpp stored in the 
public-key certificate data CERgp so as to verify the in- 

25 tegrity of the sender of the content file CF. The signature 
processor 589 verifies the integrity of the signature data 
SIG^^ SAM1 using the public key data Ks^i^-, p stored 
in the public-key certificate data CERqami as to verify 
the integrity of the sender of the content file CF. 

30 [0895] In step S99-8, in the signature processor 589, 
the integrity of the signature data SIG7 cp, SIGgs sp. and 
SIG42,SAM1 stored in the work memory 200 is verified by 
using the public key data Kcp,p, Kspp, and Ksami,p 
stored in the public-key certificate data CERcp, CERgp, 

35 and CERsami ' respectively. 

[0896] Then, in step S99-9, in the signal processor 
589, the integrity of the signature data SIGki esc stored 
in the key file KF shown in Fig. 97B is verified by using 
the public key data K^scp read from the storage unit 

40 1 92 so as to verify the integrity of the creator of the key 
file KF. 

[0897] In step S99-10, the signature processor 589 
checks the integrity of the hash value H^i so as to verify 
the integrity of the creator and the sender of the key file 
45 KFv 

[0898] In this embodiment, the creator and the sender 
of the key file KF^ are the same. However, if they are 
different, signature data for the creator and signature 
data for the sender are created, and the integrity of both 

50 signature data is verified in the signal processor 589. 
[0899] In step S99-11 , the usage monitor 186 starts 
to control the purchase and usage modes of the content 
data C by using the UCS data 1 66 stored in the key file 
KF^ decrypted in step 899-10. 

55 [0900] Then, in step S99-12, the user determines the 
purchase mode by operating the operation unit 1 65, and 
the corresponding operation signal S1 65 is output to the 
accounting processor 587. 
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[0901] In step S99-13, the accounting processor 587 
updates the usage log data 308 stored in the external 
memory 201 based on the operation signal S165. The 
accounting processor 587 also updates the UCS data 
166 according to the detemnined purchase mode every 
time the purchase mode of the content data C Is deter- 
mined. 

[0902] Subsequently, in step S99-14, the encryption/ 
decryption unit 173 encrypts the UCS data 166 gener- 
ated in step S99-12 by sequentially using the storage 
key data KgyR the medium key data K^ed. the purchas- 
er key data Kp,^ read from the storage unit 192, and 
outputs the encrypted UCS data 166 to the medium 
drive SAM manager 855. 

[0903] In step 899-15. the medium drive SAM man- 
ager 855 perfonns processing, such as sectorizing, add- 
ing a sector header, scrambling, ECC encoding, modu- 
lating, and synchronizing, on the key file KF^ in which 
the new UCS data 166 is stored, and records it on the 
secure RAM area 132 of the recording medium (RAM) 
I3O4. 

[0904] Thereafter, in step S99-16, the key file KF is 
read from the work memory 200, and is written into the 
secure RAM area 132 of the recording medium (RAM) 
1 3O4 by the medium drive SAM 260 shown in Fig. 94 via 
the medium drive SAM manager 855. 
[0905] In step S99-17, the CPU 1100 determines 
whether the above-described processing has been cor- 
rectly performed, and reports the corresponding infor- 
mation to the host CPU 810 through an external inter- 
rupt. 

[0906] Alternatively the CPU 1100 may set a flag in 
the SAM status register indicating whether the above- 
described processing has been correctly performed, 
and the host CPU 81 0 may read the flag by polling. 
[0907] The processing for determining the purchase 
mode of the content data by a recording medium (ROM), 
and the processing for writing the content data into a 
recording medium (RAM) after the purchase mode of 
the content data is determined by a recording medium 
(ROM) are similar to those performed by the SAM 305^ 
of the first embodiment, except that the signature data 
SIGsp attached by using the private key data Kgpp by 
the service provider 31 0 is checked. 
[0908] A method for implementing the SAM 305^ is 
similar to that of the SAM 105^ of the first embodiment. 
[0909] The configuration of the user home network 
103 discussed in-the first embodiment is applicable to 
the devices employed in the user home network 303. In 
this case, the configurations of the first embodiment dis- 
cussed with reference to Figs. 64 through 79 are appli- 
cable to the circuit modules of the SAM 305^, the A/V 
compression/decompression SAM 163, the medium 
drive SAM 260, and the medium SAM 1 33. 
[0910] Similarly, the security functions described with 
reference to Fig. 62 are applicable to those of the EMD 
system 300, except for the content provider 101 is sub- 
stituted with the service provider 310. 



[0911] The connection models of the various devices 
in the user home network 303 are as follows. 
[0912] Fig. 101 illustrates an example of the connec- 
tion models of the devices in the user home network 
5 303. 

[0913] As shown in Fig. 1 01 , the network device 360^ , 
and the AN machines 36O2 and 36O3 in the user home 
network 303 are connected to each other via the lEEE- 
1394 serial bus 191. 
10 [0914] The network device 360^ includes the external 
memory 201 , the SAM 3051 , the CA module 311 , the A/ 
V compression/decompression SAM 163, and the 
download memory 167. 

[0915] The CA module 311 communicates with the 
15 service provider 31 0 via a network, such as a public line. 
The SAM 305-, communicates with the EMD service 
center 302 via a network, such as a public line. As the 
download memory 167, a Memory Stick provided with 
the medium SAM 1 67a or a hard disk drive (HDD) may 
20 be used. The download memory 1 67 stores the secure 
container 304 downloaded from the service provider 
310. 

[0916] Each device integrates a plurality of A/V com- 
pression/decompression SAMs 163 compatible with 
25 various compression/decompression methods, such as 
ATRAC3 and MPEG. 

[0917] TheSAM305-, is able to communicate with the 
contact-type or non-contact-type IC card 1141. The IC 
card 1141 stores various types of data, such as a user 
30 ID, and is used for performing user authentication in the 
SAM 305^. 

[0918] The AA/ machine 36O2 is, for example, a stor- 
age device, and after performing predetenriined 
processing between the SAMs 305^ and 3052, the se- 
35 cure container received from the network device 3601 
via the IEEE-1394 serial bus 191 is recorded on the re- 
cording medium 130. 

[0919] Likewise, the AA/ machine 36O3 is, for exam- 
ple, a storage device, and after perfonning predeter- 
40 mined processing between the SAMs 3063 and 3063, 
the secure container received from the AA/ machine 
36O2 via the IEEE-1394 serial bus 191 is recorded on 
the recording medium 130. 

[0920] In the example shown in Fig. 1 01 , the medium 
45 SAM 1 33 is loaded on the recording medium 1 30. How- 
ever, if the medium SAM 1 33 is not provided for the re- 
cording medium 130, mutual authentication between 
the SAMs 3052 ^^i^ ^053 is performed by using the me- 
dium drive SAM 260 indicated by a one-dot chain rec- 
50 tangle in Fig. 101 . 

[0921] The overall operation of the EMD system 300 
shown in Fig. 82 is described below with reference to 
Figs. 102 and 103. 

[0922] In this case, the secure container 304 is sent 
55 online from the service provider 310 to the user home 
network 303 by way of example. The processing shown 
in Figs. 1 02 and 1 03 is executed, assuming that the reg- 
istration of the content provider 301 , the service provider 
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310, and the SAMs 305^ through 3054 in the EMD serv- 
ice center 302 is completed. 

[0923] Referring to Fig. 102, in step S21, the EMD 
service center 302 sends to the content provider 301 the 
public key certificate CERcp of the public key data K^pp 
of the content provider 301 together with the signature 
data SIGi ESC of the EMD service center 302. 
[0924] The EM D service center 302 also sends to the 
service provider 31 0 the public key certificate CERsp of 
the public key data Kgpp of the service provider 31 0 to- 
gether with the signature data SIGgi esc °^ Ef\AD 
service center 302. 

[0925] The EMD service center 302 also sends the 
license key data KD^ through KD3 for three months, 
each having a one-month effective period, to the SAMs 
305^ through 3064 of the user home netw^ork 303. 
[0926] In step 522, after performing mutual authenti- 
cation, the content provider 301 authorizes the UCP da- 
la 106 and the content key data Kc by registering them 
in the EMD service center 302. The EMD service center 
302 creates the key file KF for six months shown in Fig. 
3B, and sends it to the content provider 301 . 
[0927] Then, in step S23, the content provider 301 
creates the content file CP and the signature data 
SIGq CP shown in Fig. 3A, and the key file KF and the 
signature data SIGy ^p shown in Fig. 3B, and provides 
the secure container 1 04 in which the above-described 
files and signature data, and the public-key certificate 
data CERcp and the signature data SIG^ esc stored 
to the service provider 31 0 online and/or offline. 
[0928] In step S24, after checking the signature data 
Esc shown in Fig. 3C, the service provider 31 0 ver- 
ifies the integrity of the signature data SIGgQp and 
SIG7 CP shown in Figs. 3A and 3B, respectively, by using 
the public key data Kcpp stored in the public-key certif- 
icate data CERcp, thereby verifying that the secure con- 
tainer 1 04 has been sent from the legal content provider 
301. 

[0929] Subsequently, in step S25, the service provid- 
er 31 0 creates the price tag data 31 2 and the signature 
data SIG64SP so as to generate the secure container 
304 shown in Fig. 87 in which the above-described data 
is stored. 

[0930] In step S26, the service provider 31 0 authoriz- 
es the price tag data 312 by registering it In the EMD 
service center 302. 

[0931] In step S27, the service provider 31 0 sends the 
secure container 304 created in step S25 to the decod- 
ing module 905 of the network device 360^ shown in Fig. 
89 online or offline in responseto, for example, a request 
from the CA module 31 1 of the user home network 303. 
[0932] Then, in step S28, the CA module 311 creates 
the SP purchase log data 309 and appropriately sends 
it to the service provider 31 0. 

[0933] Referring to Fig. 103, in step S29, after verify- 
ing the integrity of the signature data SIG^^ gsc shown 
in Fig. 84D, one of the SAMs 305^ through 3064 verifies 
the integrity of the signature data SIGgg^sp- ^IGgg gp, 



and SlGe4 SP shown in Figs. 84A, 84B, and 84C, respec- 
tively, by using the public key data Ksp,p stored in the 
public-key certificate data CERgp, thereby determining 
whether the predetermined data within the secure con- 
5 tainer 304 has been created and sent by the legal serv- 
ice provider 310. 

[0934] Thereafter, in step S30, after verifying the in- 
tegrity of the signature data SIG^ esc shown in Fig. 84D, 
one of the SAMs 305^ through 3054 verifies the integrity 
of the signature data SIGg cp and SlGy cp shown in 
Figs. 84A and 84B, respectively, by using the public key 
data Kcpp stored in the public-key certificate data CER- 
cp, thereby determining whether the content file CF with- 
in the secure container 304 has been created by the le- 
gal content provider 301, and whether the key file KF 
has been sent from the legal content provider 301 . 
[0935] Additionally, one of the SAMs 305^ through 
3O64 verifies the integrity of the signature data 
SIGK-i ESC within the key file KF shown in Fig. 84B by 
using the public key data Kesc.p* thereby determining 
whether the key file KF has been created by the legal 
EMD service center 302. 

[0936] In step S31 , the user detemnines the purchase 
and usage modes of the content by operating the oper- 
ation unit 165 shown in Fig. 88. 

[0937] In step S32, in the SAMs 305^ through 3054, 
the usage log data 308 of the secure container 304 is 
generated based on the internal internjpt S810 output 
from the host CPU 81 0 to the SAMs 305^ through 3064 
in step S31. 

[0938] The usage log data 308 and the signature data 
SIG205,SAM1 SI'S sent from the SAMs 305^ through 3064 
to the EMD service center 302. The UCS data 166 is 
also sent from the SAMs 305^ through 3054 to the EMD 
service center 302 in real time every time the purchase 
mode is detenmined. 

[0939] In step S33, the EMD service center 302 de- 
termines (calculates) the accounting content for each of 
the content provider 301 and the service provider 310 
based on the usage log data 308, and creates the set- 
tlement request data 152c and 152s based on the ac- 
counting content. 

[0940] Subsequently, in step 834, the EMD service 
center 302 sends the settlement request data 1 52c and 
152s together with signature data of the EMD service 
center 302 to the settlement organization 91 via the pay- 
ment gateway 90. Accordingly, the payment made by 
the user of the user home network 303 is distributed to 
the content provider 301 , the content rights holders, the 
service provider 310, and the service-provider rights 
holders. 

[0941] As described above, in the EMD system 300, 
the secure container 1 04 shown in Figs. 3A through 3C 
is distributed from the content provider 301 to the serv- 
ice provider 31 0, and the secure container 304 in which 
the content file CF and the key file KF of the secure con- 
tainer 104 are stored is sent from the service provider 
310 to the user home network 303. The processing for 



15 



20 



25 



30 



35 



40 



45 



50 



55 



BNSDOCID: <EP n30492A2J_ 



109 



EP 1 130 492 A2 



110 



the key file KF is executed in the SAMs 305^ through 
3054. 

[0942] The content key data Kc and the UCP data 1 06 
stored in the key file KF are encrypted with the license 
key data KD-, through KD3; and is decrypted only in the 
SAMs 305^ through 3064 which hold the license key da- 
ta KDi through KD3. The SAMs 306-, through 3064 are 
tamper-resistant modules, which determine the pur- 
chase and usage modes of the content data C based on 
the handling policy of the content data C described in 
the UCP data 106. 

[0943] Consequently, according to the EMD system 
300, the content data C in the user home network 303 
can be reliably purchased and utilized based on the 
UCP data 106 created by the content provider 301 or a 
content-provider related organization, independent of 
the processing In the service provider 310. That is, in 
the EMD system 300, the UCP data 1 06 cannot be man- 
aged by the service provider 310. 
[0944] Thus, in the EMD system 300, even when the 
content data C Is distributed to the user home network 

303 via a plurality of different service providers 310, 
rights processing for the content data C in the SAM of 
the user home network 303 can be performed based on 
the common UCP data 1 06 created by the content pro- 
vider 301 or the content-provider related organization. 
[0945] In the EMD system 300, the files and data with- 
in the secure containers 1 04 and 304 are provided with 
signature data, which verifies the creators and the send- 
ers of the files and data. It is thus possible for the service 
provider 310 and the SAMs 305^ through 3054 to check 
the Integrity of the files and data, and the integrity of the 
creators and the senders thereof, thereby effectively 
preventing the Illegal use of the content data C. 
[0946] In the EMD system 300, the secure container 

304 is used for distributing the content data C from the 
service provider 310 to the user home network 303 re- 
gardless of whether it is sent online or offline. This en- 
ables the SAMs 105^ through 1064 of the user home 
network 303 to perform the same rights processing re- 
gardless of whether the secure container 304 is sent on- 
line or offline. 

[0947] In purchasing, utilizing, recording, and trans- 
ferring the content data C in the network device 360i 
and the AA/ machines 36O2 through 36O4 within the user 
home network 303, processing is always executed 
based on the UCP data 106. Thus, rights processing 
rules in common to the whole user home network 303 
can be established. 

[0948] For example, as shown in Fig. 1 04, the content 
data C provided from the content provider 301 may be 
distributed from the service provider 310 to the user 
home network 303 by any method (path), such as pack- 
age distribution, a digital broadcast, the Internet, a ded- 
icated line, a digital radio, or a mobile communication. 
Even if any one of the above-descnbed methods is 
used, the common rights processing rules can be em- 
ployed In SAMs in the user home networks 303 and 



303a based on the UCP data 1 06 created by the content 
provider 301 . 

[0949] According to the EMD system 300, the EMD 
service center 302 has an authentication function, a key- 

5 data management function, and a rights processing 
(profits distribution) function. Thus, the payment made 
by the user is reliably distributed to the content provider 
301 and the EMD service center 302 according to pre- 
detemnined ratios. 

10 [0950] Also, the UCP data 106 of the same content 
file CF supplied from the same content provider 301 is 
supplied to the SAMs 305^ through 3064, independent 
of the services of the service provider 310. Accordingly, 
the content file CF can be utilized in the SAMs 305^ 

15 through 3064 based on the UCP data 1 06 at the discre- 
tion of the content provider 301 . 

[0951] That is, according to the EMD system 300, in 
providing services of the content or utilizing the content 
by the user, the rights and profits of the content provider 

20 301 can be reliably protected according to technical 
means without depending on an auditor organization 
725, which is conventionally required. 
[0952] The distribution protocols for, for example, the 
secure container, employed in the EMD system 300 of 

25 the second embodiment are as follows. 

[0953] The secure container 1 04 created in the con- 
tent provider 301 is distributed to the service provider 
310, as shown in Fig. 105, by using content-provider dis- 
tribution protocols, such as the Internet (TCP/IP) or a 

30 dedicated line (ATM Cell). 

[0954] The service provider 310 then distributes the 
secure container 1 04 created from the secure container 
1 04 to the user home network 303 by using service-pro- 
vider distribution protocols, such as a digital broadcast 

35 (XML/SMIL on MPEG-TS) the internet (XML/SMIL on 
TCP/IP), or package distribution (recording medium). 
[0955] Within the user home network 303 or 303a, or 
between the user home networks 303 and 303a, or be- 
tween the SAMs, the secure container is transferred by 

40 using a home electric commerce (EC)/distribution serv- 
ices (XMUSMIL on a 1394-serial bus interface) or a re- 
cording medium. 

[0956] While the present invention has been de- 
scribed with reference to what are presently considered 
45 to be the preferred embodiments, It is to be understood 
that the invention Is not limited to the disclosed embod- 
iments. 

[0957] For example, although in the foregoing embod- 
iments the key file KF is created in the EMD service cent- 
re er 1 02 or 302, it may be created in the content provider 
101 or 301. 

[0958] As is seen from the foregoing description, the 
data processing apparatus of the present invention of- 
fers the following advantages. Rights processing for the 
55 content data can be performed based on UCP data in- 
dicating the handling of the content data in a secure en- 
vironment. As a result, if the UCP data is created by a 
content provider, profits of the content data can be suit- 
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ably protected, and also, a load for monitoring by the 
content provider can be reduced. 
[0959] In so far as the embodiments of the invention 
described above are implemented, at least in part, using 
software-controlled data processing apparatus, it will be 5 
appreciated that a computer program providing such 
software control and a storage medium by which such 
a computer program is stored are envisaged as aspects 
of the present invention. 



Claims 

1. A data processing apparatus for perfomning rights 
processing of content data encrypted with content 
key data based on usage control policy data, and 
for decrypting the encrypted content key data, said 
data processing apparatus comprising within a 
tamper-resislanl circuit module: 

20 

a first bus; 

an arithmetic processing circuit connected to 
said first bus, for performing the rights process- 
ing of the content data based on the usage con- 
trol policy data; 25 
a storage circuit connected to said first bus; 
a second bus; 

a first interface circuit interposed between said 
first bus and said second bus; 
an encryption processing circuit connected to 3o 
said second bus, for decrypting the content key 
data; and 

an external bus interface circuit connected to 
said second bus. 

35 

2. A data processing apparatus according to claim 1 , 
further comprising a second interface circuit within 
said tamper-resistant circuit module, wherein said 
first bus comprises a third bus connected to said 
arithmetic processing circuit and said storage cir- 40 
cuit, and a fourth bus connected to said first inter- 
face circuit, and said second interface circuit is in- 
terposed between said third bus and said fourth 
bus. 

45 

3. A data processing apparatus according to claim 2, 
further comprising within said tamper-resislanl cir- 
cuit module: 

a fifth bus; so 
a third interface circuit connected to said fifth 
bus, for performing communication with a data 
processing circuit having an authentication 
function which is loaded on one of a recording 
medium and an integrated circuit card; and 55 
a fourth interface circuit interposed between 
said fourth bus and said fifth bus. 



4. A data processing apparatus according to claim 1 , 
wherein said encryption processing circuit compris- 
es a public-key encryption circuit and a common- 
key encryption circuit. 

5. A data processing apparatus according to claim 4, 
wherein: 

said storage circuit stores private key data of 
said data processing apparatus and public key 
data of a second data processing apparatus; 
said public-key encryption circuit verifies the in- 
tegrity of signature data, which verifies the in- 
tegrity of the content data, the content key data, 
and the usage control policy data, by using the 
corresponding public key data, and when re- 
cording the content data, the content key data, 
and the usage control policy data on a record- 
ing medium or when sending Ihem to said sec- 
ond data processing apparatus, said public-key 
encryption circuit creates signature data, which 
verifies the integrity of the content data, the 
content key data, and the usage control policy 
data, by using the private key data; and 
said common-key encryption circuit decrypts 
the content key data, and when sending the 
content data, the content key data, and the us- 
age control policy data to said second data 
processing apparatus online, said common- 
key encryption circuit encrypts and decrypts the 
content data, the content key data, and the us- 
age control policy data by using session key da- 
ta obtained by perfomning mutual authentica- 
tion with said second data processing appara- 
tus. 

6. A data processing apparatus according to claim 5, 
further comprising a hash-value generating circuit 
within said tamper-resistant circuit module, for gen- 
erating hash values of the content data, the content 
key data and the usage control policy data, wherein 
said public-key encryption circuit verifies the integ- 
rity of the signature data and creates the signature 
data by using the hash values. 

7. A data processing apparatus according to claim 1 , 
further comprising a random-number generating 
circuit within said tamper-resistant circuit module, 
said random-number generating circuit being con- 
nected to said second bus, for generating a random 
number for performing mutual authentication with 
said second data processing apparatus when send- 
ing the content data, the content key data, and the 
usage control policy data to said second data 
processing apparatus online. 

8. A data processing apparatus according to claim 1 . 
wherein said external bus interface circuit is con- 
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nected to an external storage circuit for storing at 
least one of the content data, the content key data, 
and the usage control policy data. 

9. A data processing apparatus according to claim 8, 
further comprising a storage-circuit control circuit 
for controlling access to said storage circuit and ac- 
cess to said external storage circuit via said external 
bus interface circuit in accordance with a command 
from said arithmetic processing circuit. 

10. A data processing apparatus according to claim 1, 
wherein said external bus interface circuit is con- 
nected to a host arithmetic processing apparatus for 
centrally controlling a system on which said data 
processing apparatus is loaded. 

11. A data processing apparatus according to claim 8, 
further comprising a storage management circuit for 
managing an address space of said storage circuit 
and an address space of said external storage cir- 
cuit. 

12. A data processing apparatus according to claim 1, 
wherein said arithmetic processing circuit deter- 
mines at least one of a purchase mode and a usage 
mode of the content data based on a handling policy 
indicated by the usage control policy data, and cre- 
ates log data indicating a result of the determined 
mode. 

1 3. A data processing apparatus according to claim 1 2, 
wherein, after detemnining the purchase mode, said 
arithmetic processing circuit creates usage control 
status data in accordance with the determined pur- 
chase mode, and controls the use of the content da- 
ta based on the usage control status data. 

14. A data processing apparatus according to claim 4, 
wherein, in recordingthecontent data, for which the 
purchase mode is determined, on a recording me- 
dium, said common-key encryption circuit encrypts 
the content key data and the usage control status 
data by using medium key data corresponding to 
said recording medium. 

15. A data processing apparatus according to claim 4, 
wherein, when the content key data is encrypted 
with license key data having an effective period, 
said storage circuit stores the license key data, said 
data processing apparatus further comprises a real 
time clock for generating real time, said arithmetic 
processing circuit reads the effective license key 
data from said storage circu it based on the real time 
indicated by said real time clock, and said common- 
key encryption circuit decrypts the content key data 
by using the read license key data. 
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16. A data processing apparatus according to claim 1 , 
wherein said storage circuit writes and erases data 
in units of blocks, and said data processing appa- 
ratus comprises within said tamper-resistant circuit 
module, a write-lock control circuit forcontrolling the 
writing and erasing of the data into and from said 
storage circuit in units of blocks under the control of 
said arithmetic processing circuit. 

17. A data processing apparatus for performing rights 
processing of content data encrypted with content 
key data based on usage control policy data, and 
for decrypting the encrypted content key data, said 
data processing apparatus comprising within a 
tamper-resistant circuit module: 

a first bus; 

an arithmetic processing circuit connected to 
said first bus, for performing the rights process- 
ing of the content data based on the usage con- 
trol policy data; 

a storage circuit connected to said first bus; 
a second bus; 

an interface circuit interposed between said 
first bus and said second bus; 
an encryption processing circuit connected to 
said second bus, for decrypting the content key 
data; and 

an external bus interface circuit connected to 
said second bus, 

wherein, upon receiving an interrupt from an 
external circuit via said external bus interface 
circuit, said arithmetic processing circuit be- 
comes a slave for said external circuit so as to 
perform processing designated by the interrupt, 
and reports a result of the processing to said 
external circuit. 

18. A data processing apparatus according to claim 1 7, 
wherein said arithmetic processing circuit reports 
the result of the processing by outputting an inter- 
rupt to said external circuit. 

19. A data processing apparatus according to claim 1 7, 
wherein said external bus interface comprises a 
common memory for said arithmetic processing cir- 
cuit and said external circuit, and said arithmetic 
processing circuit writes the result of the processing 
into said common memory, and said external circuit 
obtains the result of the processing by polling. 

20. A data processing apparatus according to claim 19, 
wherein said external bus interface comprises: 

a first status register indicating an execution 
status of the processing requested from said 
external circuit in said arithmetic processing cir- 
cuit, and including a flag set by said arithmetic 
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processing circuit and read by said external cir- 
cuit; 

a second status register indicating whether said 
external circuit has requested said arithnnetic 
processing circuit to perfomn processing, and 
including a flag set by said external circuit and 
read by said arithmetic processing circuit; and 
said connmon memory for storing a result of the 
processing. 

21 . A data processing apparatus according to claim 1 8, 
wherein said storage circuit stores an interrupt pro- 
gram describing the processing designated by the 
interrupt, and said arithmetic processing circuit per- 
forms the processing by executing the interrupt pro- 
gram read from said storage circuit. 

22. A data processing apparatus according to claim 21 , 
wherein said storage circuit stores a plurality of said 
interrupt programs, and a plurality of sub-routines 
to be read when executing the interrupt program, 
and said arithmetic processing circuit appropriately 
reads and executes the sub-routines from said stor- 
age circuit when executing the interrupt program 
read from said storage circuit. 

23. A data processing system comprising: 

an arithmetic processing apparatus, for execut- 
ing a predetennined program and for outputting 
an interrupt according to a predetenmined con- 
dition by serving as a master; and 
a data processing apparatus, for performing 
predetermined processing in response to the 
interrupt from said arithmetic processing appa- 
ratus by serving as a slave for said arithmetic 
processing apparatus, and for reporting a result 
of the processing to said arithmetic processing 
apparatus, said data processing apparatus 
comprising within a tamper-resistant circuit 
module: 

determining means for determining at least one 
of a purchase mode and a usage mode of con- 
tent data based on a handling policy indicated 
by usage control policy data; 
log data generating means for generating log 
data indicating a result of the determined mode; 
and 

decrypting means for decrypting the content 
key data. 

24. A data processing system according to claim 23, 
wherein, upon receiving the interrupt indicating an 
interrupt type, said arithmetic processing apparatus 
outputs to said data processing apparatus an inter- 
rupt indicating an instruction to execute an inten-upt 
routine corresponding to the interrupt type, and said 
data processing apparatus executes the inten-upt 



routine corresponding to the interrupt type of the in- 
terrupt received from said arithmetic processing ap- 
paratus. 

5 25. A data processing system according to claim 23, 
wherein said data processing apparatus reports a 
result of the processing by outputting an interrupt to 
said arithmetic processing apparatus. 

10 26. A data processing system according to claim 23, 
wherein said data processing apparatus comprises 
a common memory which is accessible by said data 
processing apparatus and said arithmetic process- 
ing apparatus, and said arithmetic processing ap- 

15 paratus obtains the result of the processing by ac- 
cessing said common memory through polling. 

27. A data processing system according to claim 26, 
wherein said data processing apparatus comprises 

20 a first status register indicating an execution status 
of the processing requested from said arithmetic 
processing apparatus, and including a flag read by 
said arithmetic processing apparatus; 

^5 a second status register indicating whether said 

arithmetic processing apparatus has requested 
said data processing apparatus to perform 
processing by the interrupt, and including a flag 
set by said arithmetic processing apparatus; 
30 and 

said common memory for storing a result of the 
processing. 

28. A data processing system according to claim 23, 
55 further comprising a bus for connecting said arith- 
metic processing apparatus and said data process- 
ing apparatus. 

29. A data processing system according to claim 24, 
40 wherein said data processing apparatus enters a 

low power state after completing the execution of 
one of an initial program and the interrupt routine. 

30. A data processing system according to claim 24, 
45 wherein, based on the interrupt received from said 

arithmetic processing apparatus, said data 
processing apparatus executes the interrupt routine 
in accordance with at least one of processing for 
determining one of the purchase mode and the us- 
50 age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 

31. A data processing system according to claim 23, 
55 wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 

32. A data processing system in which content data 
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provided by a data providing apparatus is received 
from a data distribution apparatus, and is managed 
by a management apparatus, said data processing 
system comprising: 

5 

a first processing module for receiving from 
said data distribution apparatus a module in 
which content data encrypted with content key 
data, the encrypted content key data, usage 
control policy data indicating a handling policy io 
of the content data, and phce data for the con- 
tent data detemnined by said data distribution 
apparatus are stored, and for decrypting the re- 
ceived module by using common key data, and 
for performing accounting processing for a dis- i5 
tribution service of the module by said data dis- 
tribution apparatus; 

an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting 
an interrupt according to a predetermined con- 20 
dition by serving as a master; and 
a data processing apparatus for performing 
predetemiined processing in response to the 
interrupt from said arithmetic processing appa- 
ratus by serving as a slave for said arithmetic 25 
processing apparatus, and for reporting a result 
of the processing to said arithmetic processing 
apparatus, said data processing apparatus 
comprising within a tamper-resistant circuit 
module: 30 

determining means for determining at least 
one of a purchase mode and a usage mode 
of the content data based on the handling 
policy indicated by the usage control policy 35 
data stored in the received module; 
log data generating means for generating 
tog data indicating a result of the deter- 
mined mode; 

output means for outputting the price data 40 
and the log data to said management ap- 
paratus when the purchase mode of the 
content data is determined; and 
decrypting means for decrypting the con- 
tent key data. 45 

33. A data processing system comprising: 

an arithmetic processing apparatus for execut- 
ing a predetemnined program and for outputting so 
an interrupt according to a predetermined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 
ratus for perfomning rights processing of con- 
tent data encrypted with content key data in re- 55 
sponse to the intermpt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus, and for 



reporting a result of the processing to said arith- 
metic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for decrypting the content data by using 
the content key data obtained by perfomning 
mutual authentication with said first tamper-re- 
sistant data processing apparatus and for com- 
pressing or decompressing the content data in 
response to the interrupt from said arithmetic 
processing apparatus or said first tamper-re- 
sistant data processing apparatus by serving 
as a slave for said arithmetic processing appa- 
ratus or said first tamper-resistant data 
processing apparatus. 

34. A data processing system according to claim 33, 
further comprising a bus for connecting said arith- 
metic processing apparatus, said first tamper-re- 
sistant data processing apparatus, and said second 
tamper-resistant data processing apparatus. 

35. A data processing system comprising: 

an arithmetic processing apparatus for execut- 
ing a predetermined program and for outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 
ratus for performing rights processing of con- 
tent data encrypted with content key data in re- 
sponse to the Interrupt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus, and for 
reporting a result of the processing to said arith- 
metic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for perfonning mutual authentication 
with said arithmetic processing apparatus and 
for reading and writing the content data from 
and into a recording medium in response to the 
interrupt output from said arithmetic processing 
apparatus. 

36. A data processing system according to claim 35, 
wherein said second tarn per- resistant processing 
apparatus decrypts and encrypts the content data 
by using medium key data corresponding to said re- 
cording medium. 

37. A data processing system according to claim 35, 
wherein, when said recording medium is provided 
with a processing circuit having a mutual authenti- 
cation function, said second tamper- resistant 
processing apparatus performs mutual authentica- 
tion with said processing circuit. 

38. A data processing system comprising: 
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an arithmetic processing apparatus for execut- 
ing a predetennined program and for outputting 
an interrupt according to a predetemnined con- 
dition by serving as a master; 
a first tamper-resistant data processing appa- 5 
ratus for perfomning mutual authentication with 
said arithmetic processing apparatus and for 
reading and writing content data from and into 
a recording medium in response to the interrupt 
from said arithmetic processing apparatus; and 
a second tamper-resistant data processing ap- 
paratus for decrypting the content data by using 
content key data and for compressing or de- 
compressing the content data in response to 
the interrupt from said arithmetic processing '5 
apparatus by serving as a slave for said arith- 
metic processing apparatus. 



metic processing apparatus. 

43. A data processing method according to claim 42, 
wherein, upon receiving the interrupt indicating an 
interrupt type, said arithmetic processing apparatus 
outputs to said data processing apparatus an inter- 
rupt indicating an instruction to execute an interrupt 
routine corresponding to the interrupt type, and said 
data processing apparatus executes the interrupt 
routine con-esponding to the processing designated 
by the interrupt received from said arithmetic 
processing apparatus. 

44. A data processing method according to claim 42, 
wherein said data processing apparatus reports the 
result of the processing by outputting an interrupt to 
said arithmetic processing apparatus. 



39. A data processing system according to claim 38, 
further comprising a storage circuit for temporarily 
storing the content data read from said recording 
medium by said first tamper- resistant data process- 
ing apparatus, and for outputting the stored content 
data to said second tamper- resistant data process- 
ing apparatus. 



45. A data processing method according to claim 42, 
wherein said data processing apparatus comprises 
a common memory which is accessible by said data 
processing apparatus and said arithmetic process- 
ing apparatus, and said arithmetic processing ap- 
paratus obtains the result of the processing by ac- 
cessing said common memory through polling. 



40. A data processing system according to claim 39, 
wherein said storage circuit utilizes part of a storage 
area of an anti-vibration storage circuit. 

41. A data processing system according to claim 38, 
further comprising a third tamper- resistant data 
processing apparatus for perfomning rights 
processing of the content data encrypted with the 
content key data in response to the interrupt from 
said arithmetic processing apparatus by serving as 
a slave for said arithmetic processing apparatus, 
and for reporting a result of the processing to said 
arithmetic processing apparatus. 

42. A data processing method using an arithmetic 
processing apparatus and a data processing appa- 
ratus, said data processing method comprising the 
steps of: 

executing, in said arithmetic processing appa- 
ratus, a predetermined program and outputting 
an interrupt according to a predetermined con- 
dition by serving as a master; and 
determining, in said data processing appara- 
tus, at least one of a purchase mode and a us- 
age mode of content data based on a handling 
policy of usage control policy data, creating log 
data indicating a result of the determined mode, 
and decrypting content key data, within a 
tamper-resistant circuit module in response to 
the interrupt from said arithmetic processing 
apparatus by serving as a slave for said arith- 



46. A data processing method according to claim 45, 
wherein: 

30 said data processing apparatus sets a flag in a 

first status register indicating an execution sta- 
tus of the processing requested by the interrupt 
from said arithmetic processing apparatus; 
said arithmetic processing apparatus reads the 
35 execution status of the processing of said data 

processing apparatus from the flag in said first 
status register; 

said arithmetic processing apparatus sets a 
flag in a second status register indicating 
whether said arithmetic processing apparatus 
has requested said data processing apparatus 
to perform the processing through the interupt; 
and 

said data processing apparatus detennines 
45 whether said arithmetic processing apparatus 

has requested said data processing apparatus 
to perform the processing from the flag in said 
second status register. 

50 47. A data processing method according to claim 42, 
wherein said data processing apparatus enters a 
low power state upon completion of the execution 
of one of an initial program and the interrupt routine. 

55 48. A data processing method according to claim 42, 
wherein, based on the interrupt received from said 
arithmetic processing apparatus, said data 
processing apparatus executes the interrupt routine 
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in accordance with at least one of processing for 
determining one of the purchase mode and the us- 
age mode of the content data, processing for repro- 
ducing the content data, and processing for down- 
loading the data from a certifying authority. 

49. A data processing method according to claim 42, 
wherein said arithmetic processing apparatus exe- 
cutes a predetermined user program. 

50. A data processing method using an arithmetic 
processing apparatus, a first data processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 
of: 



processing to said arithmetic processing appa- 
ratus; and 

performing, in said second data processing ap- 
paratus, mutual authentication with said arith- 
5 metic processing apparatus, and reading and 

writing the content data from and into a record- 
ing medium within a tamper-resistant module 
in response to the interrupt from said arithmetic 
processing apparatus. 

10 

52. A data processing method according to claim 51 , 
wherein said second data processing apparatus de- 
crypts and encrypts the content data by using me- 
dium key data corresponding to said recording me- 
^5 dium. 



15 



executing, in said arithmetic processing appa- 
ratus, a predetemnined program and outputting 
an interrupt according to a predetennined con- 
dition by serving as a master; 
performing, in said first data processing appa- 
ratus, rights processing of content data en- 
crypted with content key data within a tamper- 
resistant module in response to the interrupt 
from said arithmetic processing apparatus by 
serving as a slave for said arithmetic process- 
ing apparatus, and reporting a result of the 
processing to said arithmetic processing appa- 
ratus; and 

decrypting, in said second data processing ap- 
paratus, the content data by using the content 
key data obtained by performing mutual au- 
thentication with said first data processing ap- 
paratus and compressing or decompressing 
the content data with in a tamper-resistant mod- 
ule in response to the interrupt from said arith- 
metic processing apparatus or said first data 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus or said 
first data processing apparatus. 

51. A data processing method using an arithmetic 
processing apparatus, a first data processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 
of: 

executing, in said arithmetic processing appa- 
ratus, a predetermined program and outputting 
an interrupt according to a predetennined con- 
dition by serving as a master; 
pcrfomiing, in said first data processing appa- 
ratus, rights processing of content data en- 
crypted with content key data within a tamper- 
resistant module in response to the inten^upt 
from said arithmetic processing apparatus by 
serving as a slave for said arithmetic process- 
ing apparatus, and reporting a result of the 



53. A data processing method according to claim 51 , 
wherein, when said recording medium is provided 
with a processing circuit having a mutual authenti- 

^0 cation function, said second data processing appa- 
ratus performs mutual authentication with said 
processing circuit. 

54. A data processing method using an arithmetic 
25 processing apparatus, a first data processing appa- 
ratus, and a second data processing apparatus, 
said data processing method comprising the steps 
of: 

executing, in said arithmetic processing appa- 
ratus, a predetermined program and outputting 
an Interrupt according to a predetermined con- 
dition by serving as a master; 
performing, in said first data processing appa- 
35 ratus, mutual authentication with said arithme- 

tic processing apparatus, and reading and writ- 
ing content data from and into a recording me- 
dium within a tamper- resistant module in re- 
sponse to the interrupt from said arithmetic 
processing apparatus; and 
decrypting, in said second data processing ap- 
paratus, the content data by using content key 
data and compressing or decompressing the 
content data within a tamper-resistant module 
in response to the interrupt from said arithmetic 
processing apparatus by serving as a slave for 
said arithmetic processing apparatus. 

55. A data processing method according to claim 54, 
so wherein the content data read from said recording 

medium by said first data processing apparatus is 
temporarily stored in a storage circuit, and the con- 
tent data read from said storage circuit is output to 
said second data processing apparatus. 

55 

56. A data processing method according to claim 55, 
wherein said storage circuit utilizes part of a storage 
area of an anti-vibration storage circuit. 
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